From b0be5d7c39d4a5f7d29db4630926a4cef7c3edce Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Thu, 3 Sep 2020 09:51:16 +0200 Subject: NEWS: Mention 3.6.15 changes Signed-off-by: Daiki Ueno --- NEWS | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/NEWS b/NEWS index 755a67c88c..982c801237 100644 --- a/NEWS +++ b/NEWS @@ -5,6 +5,33 @@ Copyright (C) 2000-2016 Free Software Foundation, Inc. Copyright (C) 2013-2019 Nikos Mavrogiannopoulos See the end for copying conditions. +* Version 3.6.15 (unreleased) + +** libgnutls: If FIPS self-tests are failed, gnutls_fips140_mode_enabled() now + indicates that with a false return value (!1306). + +** libgnutls: Under FIPS mode, the generated ECDH/DH public keys are checked + accordingly to SP800-56A rev 3 (!1295, !1299). + +** libgnutls: gnutls_x509_crt_export2() now returns 0 upon success, rather than + the size of the internal base64 blob (#1025). The new behavior aligns to the + existing documentation. + +** libgnutls: Certificate verification failue due to OCSP must-stapling is not + honered is now correctly marked with the GNUTLS_CERT_INVALID flag + (!1317). The new behavior aligns to the existing documentation. + +** libgnutls: The audit log message for weak hashes is no longer printed twice + (!1301). + +** libgnutls: Fixed version negotiation when TLS 1.3 is enabled and TLS 1.2 is + disabled in the priority string. Previously, even when TLS 1.2 is explicitly + disabled with "-VERS-TLS1.2", the server still offered TLS 1.2 if TLS 1.3 is + enabled (#1054). + +** API and ABI modifications: +No changes since last version. + * Version 3.6.14 (released 2020-06-03) ** libgnutls: Fixed insecure session ticket key construction, since 3.6.4. -- cgit v1.2.1