doc update

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-07-20 14:48:33 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2017-07-21 16:24:56 +0200
commit: 65c37bb3c474294724bae2d6b03452cc66256515 (patch)
tree: 0be8b715f33782a750a298a22801dd6435eb2404 /NEWS
parent: e879972581a63e10fcd809a28878832b3b1605d3 (diff)
download: gnutls-65c37bb3c474294724bae2d6b03452cc66256515.tar.gz
1 files changed, 6 insertions, 2 deletions
diff --git a/NEWS b/NEWS
index 655181a163..7f79e832b2 100644
--- a/NEWS
+++ b/NEWS
@@ -52,11 +52,15 @@ See the end for copying conditions.
    These curves were rarely used for that purpose and provide no advantage over
    x25519.
 
-** libgnutls: SHA1 was removed from the trusted set of hashes. Verification
-   and other operations relying on SHA1 is now considered insecure and will
+** libgnutls: SHA1 was marked as insecure for certificate signatures. Verification
+   of certificates signed with SHA1 is now considered insecure and will
    fail, unless flags intended to enable broken algorithms are set. This
    can be reverted on compile time with the configure flag --enable-sha1-support.
 
+** libgnutls: RIPEMD160 was marked as insecure for certificate signatures. Verification
+   of certificates signed with RIPEMD160 hash algorithm is now considered insecure and
+   will fail, unless flags intended to enable broken algorithms are set.
+
 ** libgnutls: Added support for PKCS#12 files with no (zero length) salt used in their
    password encoding, and PKCS#12 files using SHA384 and SHA512 as MAC.
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-07-20 14:48:33 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2017-07-21 16:24:56 +0200
commit	65c37bb3c474294724bae2d6b03452cc66256515 (patch)
tree	0be8b715f33782a750a298a22801dd6435eb2404 /NEWS
parent	e879972581a63e10fcd809a28878832b3b1605d3 (diff)
download	gnutls-65c37bb3c474294724bae2d6b03452cc66256515.tar.gz