diff options
author | Simon Josefsson <simon@josefsson.org> | 2005-10-28 09:45:57 +0000 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2005-10-28 09:45:57 +0000 |
commit | 3c1d06b17cea46ae5cc15d2dfeb80ec862743a09 (patch) | |
tree | b1a18e63ba2d67a8cb034e9250428703808ae9b9 /NEWS | |
parent | 3d4ad88618234c3a6cab832e1fe38e5efced1fcd (diff) | |
download | gnutls-3c1d06b17cea46ae5cc15d2dfeb80ec862743a09.tar.gz |
Add.
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 19 |
1 files changed, 9 insertions, 10 deletions
@@ -5,16 +5,15 @@ See the end for copying conditions. * Version 1.2.9 - MD2 is now supported. -- MD2 and MD5 as X.509 certificate signing algorithms are now disabled - by default. Verifying untrusted certificates signed with these - hashes will now fail with a GNUTLS_CERT_INSECURE_ALGORITHM - verification output. For applications that must remain - interoperable, you can use the GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 or - GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 flags when verifying certificates. - Naturally, this is not recommended to be the default behaviour. - For example, call gnutls_certificate_set_verify_flags with these - flags to change the verification mode used by - gnutls_certificate_verify_peers2. +- Due to cryptographic advances, verifying untrusted X.509 + certificates signed with MD2 or MD5 will now fail with a + GNUTLS_CERT_INSECURE_ALGORITHM verification output. For + applications that must remain interoperable, you can use the + GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 or GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 + flags when verifying certificates. Naturally, this is not + recommended to be the default behaviour. For example, call + gnutls_certificate_set_verify_flags with these flags to change the + verification mode used by gnutls_certificate_verify_peers2. - Make it possible to send empty data through gnutls_record_send, to align with the send API. - The (experimental) low-level crypto alternative to libgcrypt used |