NEWS: add news entry, describing TLS 1.3 vs GOST issues

author Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Wed, 27 Nov 2019 12:48:57 +0000 (15:48 +0300)

committer Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>

Wed, 18 Dec 2019 20:43:27 +0000 (23:43 +0300)
author Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Wed, 27 Nov 2019 12:48:57 +0000 (15:48 +0300)
committer Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
Wed, 18 Dec 2019 20:43:27 +0000 (23:43 +0300)
diff --git a/NEWS b/NEWS

index 85398a7f69124c290f25608320e846451afca6b6..05833c83effb5f1e20c42902f0db24cd2e19e353 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,14 @@ See the end for copying conditions.
  ** libgnutls: Introduced the gnutls_ocsp_req_const_t which is compatible
     with gnutls_ocsp_req_t but const.
  
+** libgnutls: Added support for GOST CNT_IMIT ciphersuite (as defined by
+   draft-smyshlyaev-tls12-gost-suites-06).
+   By default this ciphersuite is disabled. One has to add following items to priority strings:
+   +VKO-GOST-12:+GROUP-GOST-ALL:+GOST28147-TC26Z-CNT:+GOST28147-TC26Z-IMIT:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001.
+   Note, that server will fail to negotiate GOST ciphersuites if TLS 1.3 is
+   enabled both on a server and a client. It is recommended for now to disable
+   TLS 1.3 in setups where GOST ciphersuites are enabled on GnuTLS-based servers.
+
  ** API and ABI modifications:
  gnutls_ocsp_req_const_t: Added
author	Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
	Wed, 27 Nov 2019 12:48:57 +0000 (15:48 +0300)
committer	Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
	Wed, 18 Dec 2019 20:43:27 +0000 (23:43 +0300)