]> git.ipfire.org Git - thirdparty/openssl.git/blobdiff - CHANGES.md
projects / thirdparty / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add option to FIPS module to enforce EMS check during KDF TLS1_PRF.
[thirdparty/openssl.git] / CHANGES.md
diff --git a/CHANGES.md b/CHANGES.md
index b5381e9847bc58edc5fafbbd01d2c5b002de66dc..711454ec43d7199de300e945fbcda6df1dc68412 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -237,6 +237,13 @@ OpenSSL 3.1
 
 ### Changes between 3.0 and 3.1.0 [xx XXX xxxx]
 
+ * Add FIPS provider configuration option to enforce the
+   Extended Master Secret (EMS) check during the TLS1_PRF KDF.
+   The option '-ems-check' can optionally be supplied to
+   'openssl fipsinstall'.
+
+   *Shane Lontis*
+
  * The FIPS provider includes a few non-approved algorithms for
    backward compatibility purposes and the "fips=yes" property query
    must be used for all algorithm fetches to ensure FIPS compliance.
A mirror of the official openssl repository