Version negotiation rewrite doc updates

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index de00a8a4ce8d437fe2137d9e349a080ffd6447a7..8600b8166c7e3b29c3950aad47493da54b1f12fe 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,10 +4,23 @@
 
  Changes between 1.0.2 and 1.1.0  [xx XXX xxxx]
 
+  *) Version negotiation has been rewritten. In particular SSLv23_method(),
+     SSLv23_client_method() and SSLv23_server_method() have been deprecated,
+     and turned into macros which simply call the new preferred function names
+     TLS_method(), TLS_client_method() and TLS_server_method(). All new code
+     should use the new names instead. Also as part of this change the ssl23.h
+     header file has been removed.
+     [Matt Caswell]
+
+  *) Support for Kerberos ciphersuites in TLS (RFC2712) has been removed. This
+     code and the associated standard is no longer considered fit-for-purpose.
+     [Matt Caswell]
+
   *) Added HTTP GET support to the ocsp command.
      [Rich Salz]
 
-  *) RAND_pseudo_bytes has been deprecated. Users should use RAND bytes instead.
+  *) RAND_pseudo_bytes has been deprecated. Users should use RAND_bytes instead.
+     [Matt Caswell]
 
   *) Added support for TLS extended master secret from
      draft-ietf-tls-session-hash-03.txt. Thanks for Alfredo Pironti for an