projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
check for error when creating PKCS#8 structure
[openssl.git] / CHANGES
diff --git a/CHANGES b/CHANGES
index 3044aa7dd91d4479fec09c58f88a5b3df6751285..c65ce826be575ac604eae669dcb44de283e09011 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,24 @@
  OpenSSL CHANGES
  _______________
 
+ Changes between 1.0.2a and 1.0.2b [xx XXX xxxx]
+
+  *) Removed support for the two export grade static DH ciphersuites
+     EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
+     were newly added (along with a number of other static DH ciphersuites) to
+     1.0.2. However the two export ones have *never* worked since they were
+     introduced. It seems strange in any case to be adding new export
+     ciphersuites, and given "logjam" it also does not seem correct to fix them.
+     [Matt Caswell]
+
+  *) Only support 256-bit or stronger elliptic curves with the
+     'ecdh_auto' setting (server) or by default (client). Of supported
+     curves, prefer P-256 (both).
+     [Emilia Kasper]
+
+  *) Reject DH handshakes with parameters shorter than 768 bits.
+     [Kurt Roeckx and Emilia Kasper]
+
  Changes between 1.0.2 and 1.0.2a [19 Mar 2015]
 
   *) ClientHello sigalgs DoS fix
Unnamed repository; edit this file 'description' to name the repository.