Change in 0.9.8 branch:

author Bodo Möller <bodo@openssl.org>

Thu, 22 Jun 2006 12:37:28 +0000 (12:37 +0000)

committer Bodo Möller <bodo@openssl.org>

Thu, 22 Jun 2006 12:37:28 +0000 (12:37 +0000)
author Bodo Möller <bodo@openssl.org>
Thu, 22 Jun 2006 12:37:28 +0000 (12:37 +0000)
committer Bodo Möller <bodo@openssl.org>
Thu, 22 Jun 2006 12:37:28 +0000 (12:37 +0000)
diff --git a/CHANGES b/CHANGES

index f799225c8bba3b3af4dd21c489fe7a5073d629bf..a2af507a1a5a2876d33c3ce4cb58fa9f9334e09b 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -315,9 +315,13 @@
  
   Changes between 0.9.8b and 0.9.8c  [xx XXX xxxx]
  
-  *) Disable "ECCdraft" ciphersuites (which were not part of the "ALL"
-     alias).  These are now excluded from compilation by default, since
-     OpenSSL 0.9.9[-dev] should be used for TLS with elliptic curves.
+  *) Disable "ECCdraft" ciphersuites more thoroughly.  Now special
+     treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
+     cannot be implicitly activated as part of, e.g., the "AES" alias.
+     However, please upgrade to OpenSSL 0.9.9[-dev] for
+     non-experimental use of the ECC ciphersuites to get TLS extension
+     support, which is required for curve and point format negotiation
+     to avoid potential handshake problems.
       [Bodo Moeller]
  
    *) Disable rogue ciphersuites:
author	Bodo Möller <bodo@openssl.org>
	Thu, 22 Jun 2006 12:37:28 +0000 (12:37 +0000)
committer	Bodo Möller <bodo@openssl.org>
	Thu, 22 Jun 2006 12:37:28 +0000 (12:37 +0000)