Add a CHANGES entry for fully pluggable groups

Fixes #12283

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15282)

diff --git a/CHANGES.md b/CHANGES.md
index 8c72ac33d05a2ff74813bd1fbef1fc69f9528332..eb199fac7036f95c5c4ace1e8e47bfd7316e2561 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -315,6 +315,13 @@ OpenSSL 3.0
 
    *Matt Caswell*
 
+ * Implemented support for fully "pluggable" TLSv1.3 groups. This means that
+   providers may supply their own group implementations (using either the "key
+   exchange" or the "key encapsulation" methods) which will automatically be
+   detected and used by libssl.
+
+   *Matt Caswell, Nicola Tuveri*
+
  * The undocumented function X509_certificate_type() has been deprecated;
    applications can use X509_get0_pubkey() and X509_get0_signature() to
    get the same information.

diff --git a/NEWS.md b/NEWS.md
index 78d0772b9aec83357edefcb72d8e66006127330b..13b2511651299859f5bb36b9391bd491bc32fcaa 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -20,6 +20,7 @@ OpenSSL 3.0
 
 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
 
+  * Implemented support for fully "pluggable" TLSv1.3 groups
   * Added suport for Kernel TLS (KTLS)
   * Changed the license to the Apache License v2.0.
   * Moved all variations of the EVP ciphers CAST5, BF, IDEA, SEED, RC2,