author: Jack Lloyd <[email protected]> 2015-11-13 12:52:20 -0500
committer: Jack Lloyd <[email protected]> 2015-11-13 12:52:20 -0500
commit: 406c57f09eac849c10807b74c8e7ba051a6a5c2c (patch)
tree: fcb26fab346948c2647ff7db4144bb9d5ed07295 /doc/news.rst
parent: 3dbcfb6297acfdb8818742acfb0fa9ffe70bcdbc (diff)
Add TLS_PSK tests
Fix a bug which rejected any short server key exchanges. These can occur with a plain PSK with short or empty identity hints. Disable SHA-224 by default. Remove some vestigial RC4 cruft. Push more on the TLS corruption tests.
Diffstat (limited to 'doc/news.rst')
-rw-r--r-- doc/news.rst 8
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/news.rst b/doc/news.rst
index 240d5e67d..f45de0bae 100644
--- a/doc/news.rst
+++ b/doc/news.rst
@@ -17,6 +17,14 @@ Version 1.11.25, Not Yet Released
* Fixed the signature of botan_pubkey_destroy which took the wrong type and was
not usable.
+* The TLS client would erronously reject any server key exchange
+ packet smaller than 6 bytes. This prevented negotiating a plain PSK
+ TLS ciphersuite with an empty identity hint. ECDHE_PSK and DHE_PSK
+ suites were not affected.
+
+* Support for negotiating use of SHA-224 in TLS has been disabled in the
+ default policy.
+
Version 1.11.24, 2015-11-04
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
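Review bot: "erronously" in the first added line of the PSK entry should be "erroneously". The SHA-224 entry records that negotiation is disabled in the default policy but gives neither the reason nor the effect on existing deployments; consider one more sentence saying that applications which still need SHA-224 have to enable it through a non-default policy, so readers of the release notes can tell whether the change affects them.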