From: Geert Hendrickx Date: Fri, 28 Feb 2025 13:50:32 +0000 (+0100) Subject: Fix `no-tls-deprecated-ec` documentation to match the actual option. X-Git-Tag: openssl-3.5.0-alpha1~41 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=89dbc6a62cdfb9185527ef585a3d6c5f02763647;p=thirdparty%2Fopenssl.git Fix `no-tls-deprecated-ec` documentation to match the actual option. CLA: trivial Reviewed-by: Tomas Mraz Reviewed-by: Viktor Dukhovni (Merged from https://github.com/openssl/openssl/pull/26934) --- diff --git a/CHANGES.md b/CHANGES.md index d846e789a88..f6c487de7ff 100644 --- a/CHANGES.md +++ b/CHANGES.md 
@@ -30,51 +30,51 @@ OpenSSL 3.5 ### Changes between 3.4 and 3.5 [xx XXX xxxx] -* Added a `no-tls-deprecated-ec-groups` configuration option. + * Added a `no-tls-deprecated-ec` configuration option. - The `no-tls-deprecated-ec-groups` option disables support for TLS elliptic - curve groups deprecated in RFC8422 at compile time. This does not affect use - of the associated curves outside TLS. By default support for these groups is - compiled in, but, as before, they are not included in the default run-time - list of supported groups. + The `no-tls-deprecated-ec` option disables support for TLS elliptic curve + groups deprecated in RFC8422 at compile time. This does not affect use of + the associated curves outside TLS. By default support for these groups is + compiled in, but, as before, they are not included in the default run-time + list of supported groups. - With the `enable-tls-deprecated-ec` option these TLS groups remain enabled at - compile time even if the default configuration is changed, provided the - underlying EC curves remain implemented. + With the `enable-tls-deprecated-ec` option these TLS groups remain enabled at + compile time even if the default configuration is changed, provided the + underlying EC curves remain implemented. - *Viktor Dukhovni* + *Viktor Dukhovni* -* Added new API to enable 0-RTT for 3rd party QUIC stacks. + * Added new API to enable 0-RTT for 3rd party QUIC stacks. - *Cheng Zhang* + *Cheng Zhang* -* Added support for a new callback registration `SSL_CTX_set_new_pending_conn_cb`, - which allows for application notification of new connection SSL object - creation, which occurs independently of calls to `SSL_accept_connection()`. - Note: QUIC objects passed through SSL callbacks should not have their state - mutated via calls back into the SSL api until such time as they have been - received via a call to `SSL_accept_connection()`. 
+ * Added support for a new callback registration `SSL_CTX_set_new_pending_conn_cb`, + which allows for application notification of new connection SSL object + creation, which occurs independently of calls to `SSL_accept_connection()`. + Note: QUIC objects passed through SSL callbacks should not have their state + mutated via calls back into the SSL api until such time as they have been + received via a call to `SSL_accept_connection()`. - *Neil Horman* + *Neil Horman* -* Add SLH-DSA as specified in FIPS 205. + * Add SLH-DSA as specified in FIPS 205. - *Shane Lontis and Dr Paul Dale* + *Shane Lontis and Dr Paul Dale* -* ML-KEM as specified in FIPS 203. + * ML-KEM as specified in FIPS 203. - Based on the original implementation in BoringSSL, ported from C++ to C, - refactored, and integrated into the OpenSSL default and FIPS providers. - Including also the X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM1024 - TLS hybrid key post-quantum/classical key agreement schemes. + Based on the original implementation in BoringSSL, ported from C++ to C, + refactored, and integrated into the OpenSSL default and FIPS providers. + Including also the X25519MLKEM768, SecP256r1MLKEM768, SecP384r1MLKEM1024 + TLS hybrid key post-quantum/classical key agreement schemes. - *Michael Baentsch, Viktor Dukhovni, Shane Lontis and Paul Dale* + *Michael Baentsch, Viktor Dukhovni, Shane Lontis and Paul Dale* -* Add ML-DSA as specified in FIPS 204. + * Add ML-DSA as specified in FIPS 204. - The base code was derived from BoringSSL C++ code. + The base code was derived from BoringSSL C++ code. - *Shane Lontis, Viktor Dukhovni and Paul Dale* + *Shane Lontis, Viktor Dukhovni and Paul Dale* * Added new API calls to enable 3rd party QUIC stacks to use the OpenSSL TLS implementation.
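Review bot: The whitespace-only re-indentation of the entries after the first one (0-RTT, `SSL_CTX_set_new_pending_conn_cb`, SLH-DSA, ML-KEM and ML-DSA) is not mentioned in the commit message and buries the one substantive fix, the rename of `no-tls-deprecated-ec-groups` to `no-tls-deprecated-ec` in the first entry. Consider splitting the indentation change into its own commit, or adding a line to the message saying that the entries were re-indented, so that blame and backports of the rename stay clean. This diff touches only CHANGES.md, so it is also worth confirming that no other documentation still carries the old `no-tls-deprecated-ec-groups` spelling. The entry says the deprecated groups are compiled in by default, so anyone who copied the old name into a build script was not passing the documented option; naming the previous misspelling in the commit message would help them find the correction.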