diff options
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 8 |
1 files changed, 6 insertions, 2 deletions
@@ -7,6 +7,10 @@ See the end for copying conditions. * Version 3.6.0 (unreleased) +** libgnutls: Added support for RFC7919 group negotiation. That makes the + Diffie-Hellman parameters negotiation more robust and less prone to errors + due to insecure parameters. + ** libgnutls: Introduced various sanity checks on certificate import. Refuse to import certificates which have fractional seconds in Time fields, X.509v1 certificates which have the unique identifiers set, and certificates with illegal @@ -49,8 +53,8 @@ See the end for copying conditions. in RFC5280. ** libgnutls: No longer enable SECP192R1 and SECP224R1 by default on TLS handshakes. - These curves were rarely used for that purpose and provide no advantage over - x25519. + These curves were rarely used for that purpose, provide no advantage over + x25519 and were deprecated by TLS 1.3. ** libgnutls: SHA1 was marked as insecure for certificate signatures. Verification of certificates signed with SHA1 is now considered insecure and will |