From: Matt Caswell <matt@openssl.org>
Date: Mon, 8 Mar 2021 16:23:14 +0000 (+0000)
Subject: Expand the CHANGES entry for SHA1 and libssl
X-Git-Tag: openssl-3.0.0-alpha13~13
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0966aee5ed1e543a3f598713d28194c5c1fd40da;p=thirdparty%2Fopenssl.git

Expand the CHANGES entry for SHA1 and libssl

As well as SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 not working at
security level 1 we also document that TLS 1.2 connection will fail
if the ClientHello does not have a signature algorithms extension.

Fixes #14447

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14465)
---

diff --git a/CHANGES.md b/CHANGES.md
index 695e43dfef..106f0b08d8 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -568,7 +568,12 @@ OpenSSL 3.0
    reduced. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer
    working at the default security level of 1 and instead requires security
    level 0. The security level can be changed either using the cipher string
-   with `@SECLEVEL`, or calling `SSL_CTX_set_security_level()`.
+   with `@SECLEVEL`, or calling `SSL_CTX_set_security_level()`. This also means
+   that where the signature algorithms extension is missing from a ClientHello
+   then the handshake will fail in TLS 1.2 at security level 1. This is because,
+   although this extension is optional, failing to provide one means that
+   OpenSSL will fallback to a default set of signature algorithms. This default
+   set requires the availability of SHA1.
 
    *Kurt Roeckx*