Only support >= 256-bit elliptic curves with ecdh_auto (server) or by default (client).

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 8600b8166c7e3b29c3950aad47493da54b1f12fe..397ff2c6e1d0539a7a380d8d3080d2605b998a41 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -396,7 +396,14 @@
      whose return value is often ignored. 
      [Steve Henson]
 
- Changes between 1.0.2 and 1.0.2a [xx XXX xxxx]
+ Changes between 1.0.2a and 1.0.2b [xx XXX xxxx]
+
+  *) Only support 256-bit or stronger elliptic curves with the
+     'ecdh_auto' setting (server) or by default (client). Of supported
+     curves, prefer P-256 (both).
+     [Emilia Kasper]
+
+ Changes between 1.0.2 and 1.0.2a [19 Mar 2015]
 
   *) ClientHello sigalgs DoS fix