NEWS: expand documentation for GOST priority strings

Use +GOST-ALL shortcut to enable GOST ciphersuites. Also document newly
added GOST shortcuts.

Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

diff --git a/NEWS b/NEWS
index 51f1f057793efb64ea2a93f204e2d6b662dfaa3d..5d4b55f2ebe318f28c092316a11e8502038ccb12 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -17,8 +17,9 @@ See the end for copying conditions.
 
 ** libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
    draft-smyshlyaev-tls12-gost-suites-06).
-   By default this ciphersuite is disabled. One has to add following items to priority strings:
-   +VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001.
+   By default this ciphersuite is disabled. One has to enable it by adding
+   +GOST to priority string. It will enable this ciphersuite (and other GOST
+   ciphersuites in future).
    Note, that server will fail to negotiate GOST ciphersuites if TLS 1.3 is
    enabled both on a server and a client. It is recommended for now to disable
    TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers.
@@ -39,6 +40,9 @@ See the end for copying conditions.
 ** certtool: The add_extension template option is considered even when generating
    a certificate from a certificate request.
 
+** libgnutls: added priority shortcuts for different GOST categories like
+   CIPHER-GOST-ALL, MAC-GOST-ALL, KX-GOST-ALL, SIGN-GOST-ALL, GROUP-GOST-ALL.
+
 ** API and ABI modifications:
 gnutls_ocsp_req_const_t: Added