Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client).

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 6dabf879fe3d3f155825a1e78ab4d5e1115470e6..0fedee64b8e1c2986d69d12f7505af1d5abed99c 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 1.0.2a and 1.0.2b [xx XXX xxxx]
 
+  *) Only support 256-bit or stronger elliptic curves with the
+     'ecdh_auto' setting (server) or by default (client). Of supported
+     curves, prefer P-256 (both).
+     [Emilia Kasper]
+
   *) Reject DH handshakes with parameters shorter than 768 bits.
      [Kurt Roeckx and Emilia Kasper]