diff options
author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2020-01-12 12:38:20 +0000 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2020-01-12 12:38:20 +0000 |
commit | 0b2ceb2e945be38e8e64bd6ed7cdddca1ed0ac0b (patch) | |
tree | f8feeaceb3a8f2978503fbc2298a8b172787e9c2 /NEWS | |
parent | e87834cb2524553085819b3c6e493bf3b608ab44 (diff) | |
parent | 6dd2e52ed063f6355bbed195df8a38ebf3f712f3 (diff) | |
download | gnutls-0b2ceb2e945be38e8e64bd6ed7cdddca1ed0ac0b.tar.gz |
Merge branch 'gost-priorities' into 'master'
Extend GOST priority settings and documentation
See merge request gnutls/gnutls!1160
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -20,8 +20,9 @@ See the end for copying conditions. ** libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by draft-smyshlyaev-tls12-gost-suites-06). - By default this ciphersuite is disabled. One has to add following items to priority strings: - +VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001. + By default this ciphersuite is disabled. One has to enable it by adding + +GOST to priority string. It will enable this ciphersuite (and other GOST + ciphersuites in future). Note, that server will fail to negotiate GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers. @@ -47,6 +48,9 @@ See the end for copying conditions. ** certtool: The add_extension template option is considered even when generating a certificate from a certificate request. +** libgnutls: added priority shortcuts for different GOST categories like + CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL. + ** API and ABI modifications: GNUTLS_SFLAGS_CLI_REQUESTED_OCSP: Added gnutls_ocsp_req_const_t: Added |