From: Dmitry Eremin-Solenikov Date: Wed, 8 Jan 2020 19:17:55 +0000 (+0300) Subject: NEWS: expand documentation for GOST priority strings X-Git-Tag: 3.6.12~27^2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6dd2e52ed063f6355bbed195df8a38ebf3f712f3;p=thirdparty%2Fgnutls.git NEWS: expand documentation for GOST priority strings Use +GOST-ALL shortcut to enable GOST ciphersuites. Also document newly added GOST shortcuts. Signed-off-by: Dmitry Eremin-Solenikov --- diff --git a/NEWS b/NEWS index 51f1f05779..5d4b55f2eb 100644 --- a/NEWS +++ b/NEWS @@ -17,8 +17,9 @@ See the end for copying conditions. ** libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by draft-smyshlyaev-tls12-gost-suites-06). - By default this ciphersuite is disabled. One has to add following items to priority strings: - +VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001. + By default this ciphersuite is disabled. One has to enable it by adding + +GOST to priority string. It will enable this ciphersuite (and other GOST + ciphersuites in future). Note, that server will fail to negotiate GOST ciphersuites if TLS 1.3 is enabled both on a server and a client. It is recommended for now to disable TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers. @@ -39,6 +40,9 @@ See the end for copying conditions. ** certtool: The add_extension template option is considered even when generating a certificate from a certificate request. +** libgnutls: added priority shortcuts for different GOST categories like + CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL. + ** API and ABI modifications: gnutls_ocsp_req_const_t: Added
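Review bot: In the first NEWS hunk (@@ -17,8 +17,9 @@), the added text tells users to add "+GOST" to the priority string, while the commit message says the change uses the "+GOST-ALL" shortcut. Please make the two agree on the keyword the priority parser accepts, since a user copying the wrong one from NEWS will not get the ciphersuite enabled. The removed line spelled out every item the shortcut replaces (key exchange, groups, cipher, MAC, signatures); a short pointer to what the shortcut expands to would help anyone auditing which algorithms a configuration turns on. Minor wording: "to priority string" should read "to the priority string", and "in future" should read "in the future".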
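Review bot: In the second NEWS hunk (@@ -39,6 +40,9 @@), the new entry lists CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL and GROUP-GOST-ALL without saying how they relate to the single shortcut documented in the first hunk, or that they are added with a "+" prefix like the other priority items. One sentence stating that the combined shortcut covers these categories, if that is the case, would keep readers from enabling only a subset and ending up with a configuration that cannot negotiate. Style: the entry starts with lowercase "added" where the neighbouring entries use "Added", and it sits after the certtool item rather than next to the libgnutls GOST entry it extends.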