diff options
author | Jack Lloyd <[email protected]> | 2017-11-28 18:45:09 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2017-11-28 18:45:09 -0500 |
commit | 07bc7ad6d6189575ae16fb5d87d257d93277eb3e (patch) | |
tree | 9706c1df334179cbaa7629b97e99df40f402bad9 | |
parent | c32ca55e773ebfc4862ce25e3bf683979880d8b8 (diff) |
Update news
-rw-r--r-- | news.rst | 11 |
1 files changed, 9 insertions, 2 deletions
@@ -16,8 +16,15 @@ Version 2.4.0, Not Yet Released * Add support for AES key wrapping with padding, as specified in RFC 5649 and NIST SP 800-38F (GH #1301) -* Fix several minor bugs in the TLS code caught by tlsfuzzer, mostly related to - sending the wrong alert type in various circumstances. +* Increase the maximum HMAC key length from 512 bytes to 4096 bytes. This allows + using a DH key exchange with a group greater than 4096 bits. (GH #1316) + +* Fix a bug in the TLS server where, on receiving an SSLv3 client hello, it + would attempt to negotiate TLS v1.2. Now a protocol_version alert is sent. + Found with tlsfuzzer. (GH #1316) + +* Fix several bugs related to sending the wrong alert type in various error + scenarious, caught with tlsfuzzer. * Add support for a ``tls_http_server`` command line utility which responds to simple GET requests. This is useful for testing against a browser, or various |