From 44f33b019e90340e4399d2f950554b921db63ade Mon Sep 17 00:00:00 2001 From: Nikos Mavrogiannopoulos Date: Wed, 17 Jan 2018 17:35:54 +0100 Subject: doc update [ci skip] Signed-off-by: Nikos Mavrogiannopoulos --- NEWS | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index d456513b4b..9af0883325 100644 --- a/NEWS +++ b/NEWS @@ -7,11 +7,6 @@ See the end for copying conditions. * Version 3.6.2 (unreleased) -** libgnutls: The SRP authentication will reject any parameters outside - RFC5054. This protects any client from potential MitM due to insecure - parameters. That also brings SRP in par with the RFC7919 changes to - Diffie-Hellman. - ** libgnutls: When verifying against a self signed certificate ignore issuer. That is, ignore issuer when checking the issuer's parameters strength, resolving issue #347 which caused self signed certificates to be additionally marked as of @@ -22,6 +17,21 @@ See the end for copying conditions. padding (as 1 byte), while at the same time considers the rest of the padding as part of data MTU. +** libgnutls: Address issue of loading of all PKCS#11 modules on startup + on systems with a PKCS#11 trust store (as opposed to a file trust store). + Introduced a multi-stage initialization which loads the trust modules, and + other modules are deferred for the first pure PKCS#11 request. + +** libgnutls: The SRP authentication will reject any parameters outside + RFC5054. This protects any client from potential MitM due to insecure + parameters. That also brings SRP in par with the RFC7919 changes to + Diffie-Hellman. + +** libgnutls: Added the 8192-bit parameters of SRP to the accepted parameters + for SRP authentication. + +** srptool: the --create-conf option no longer includes 1024-bit parameters. + ** API and ABI modifications: No changes since last version. -- cgit v1.2.1