From: Nikos Mavrogiannopoulos Date: Mon, 30 Mar 2015 04:47:51 +0000 (+0200) Subject: doc update X-Git-Tag: gnutls_3_4_0~74 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cd63908bc897231728c819ef8e9e2660daae6fa2;p=thirdparty%2Fgnutls.git doc update --- diff --git a/NEWS b/NEWS index 06f6e4577d..147fca026c 100644 --- a/NEWS +++ b/NEWS @@ -17,8 +17,9 @@ list. It has to be explicitly enabled, e.g., with a string like ** libgnutls: DSA signatures and DHE-DSS are no longer included in the default priorities list. They have to be explicitly enabled, e.g., with -a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". This -string will be needed when using the OpenPGP ciphersuites. +a string like "NORMAL:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1". The +DSA ciphersuites were dropped because they had no deployment at all +on the internet, to justify their inclusion. ** libgnutls: Added API to utilize system specific private keys in "gnutls/system-keys.h". It is currently provided as technology preview @@ -28,18 +29,18 @@ and is restricted to windows CNG keys. RFC6125 comparison of hostnames. That introduces a dependency on libidn. ** libgnutls: Added support for encrypt-then-authenticate in CBC -** ciphersuites (RFC7366 -taking into account its errata text). This -is enabled by default and can be disabled using the %NO_ETM priority +ciphersuites (RFC7366 -taking into account its errata text). This is +enabled by default and can be disabled using the %NO_ETM priority string. ** libgnutls: Depend on p11-kit 0.23.1 to comply with the final -PKCS #11 URL draft (draft-pechanec-pkcs11uri-21). +PKCS #11 URLs draft (draft-pechanec-pkcs11uri-21). ** libgnutls: Use getrandom() or getentropy() when available. That -avoids the complexity of file descriptor handling and the issues with -applications closing all open file descriptors. +avoids the complexity of file descriptor handling and issues with +applications closing all open file descriptors on startup. -** libgnutls: Use pthread_atfork() to detect fork. +** libgnutls: Use pthread_atfork() to detect fork when available. ** libgnutls: Added support for the extended master secret (triple-handshake fix) following draft-ietf-tls-session-hash-02. @@ -50,7 +51,8 @@ applications closing all open file descriptors. draft-mavrogiannopoulos-chacha-tls-04 and draft-irtf-cfrg-chacha20-poly1305-10. That is currently provided as technology preview and is not enabled by default, since there are no assigned ciphersuite points by IETF and there -is no guarrantee of compatibility between draft versions. +is no guarrantee of compatibility between draft versions. The ciphersuite +priority string to enable it is "+CHACHA20-POLY1305". ** libgnutls: Added a new simple and hard to misuse AEAD API (crypto.h). @@ -61,9 +63,6 @@ default. was already defunc as support for the EXPORT ciphersuites was removed in GnuTLS 3.2.0. -** libgnutls: When printing a certificate request print the signature -algorithm as well. - ** libgnutls: If a key purpose (extended key usage) is specified for verification, it is applied into intermediate certificates. The verification result GNUTLS_CERT_PURPOSE_MISMATCH is also introduced.