diff options
| author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2020-01-08 22:17:55 +0300 |
|---|---|---|
| committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2020-01-10 02:22:58 +0300 |
| commit | 6dd2e52ed063f6355bbed195df8a38ebf3f712f3 (patch) | |
| tree | ef0559192e1998287caa04fb57217e53c20ad18d /NEWS | |
| parent | b30d88217e292f21304c02e79916c9a268d2ab5b (diff) | |
| download | gnutls-6dd2e52ed063f6355bbed195df8a38ebf3f712f3.tar.gz | |
NEWS: expand documentation for GOST priority strings
Use +GOST-ALL shortcut to enable GOST ciphersuites. Also document newly
added GOST shortcuts.
Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -17,8 +17,9 @@ See the end for copying conditions. ** libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by draft-smyshlyaev-tls12-gost-suites-06). - By default this ciphersuite is disabled. One has to add following items to priority strings: - +VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001. + By default this ciphersuite is disabled. One has to enable it by adding + +GOST to priority string. It will enable this ciphersuite (and other GOST + ciphersuites in future). Note, that server will fail to negotiate GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers. @@ -39,6 +40,9 @@ See the end for copying conditions. ** certtool: The add_extension template option is considered even when generating a certificate from a certificate request. +** libgnutls: added priority shortcuts for different GOST categories like + CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL. + ** API and ABI modifications: gnutls_ocsp_req_const_t: Added |