aboutsummaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorlloyd <[email protected]>2015-01-21 20:58:04 +0000
committerlloyd <[email protected]>2015-01-21 20:58:04 +0000
commit316a7b79146e8003d33f50b58e1c6c3ba9874a32 (patch)
treee9b049271ac1e4ff963e67caac30cb29f9e7b9a0 /doc
parent1f59fa09984cb364c1dc560043ffa735e1f23494 (diff)
Update TLS OCB ciphersuites to match draft-zauner-tls-aes-ocb-00
and enable them in the default build, though still not enabled in the runtime policy.
Diffstat (limited to 'doc')
-rw-r--r--doc/manual/tls.rst3
-rw-r--r--doc/relnotes/1_11_14.rst9
-rw-r--r--doc/relnotes/index.rst1
3 files changed, 13 insertions, 0 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index c2cdeb667..4ac7b5cb3 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -517,6 +517,9 @@ be negotiated during a handshake.
Also allowed: "Camellia-256/GCM", "Camellia-128/GCM",
"Camellia-256", "Camellia-128"
+ Also allowed (though currently experimental): "AES-128/OCB(12)",
+ "AES-256/OCB(12)"
+
Also allowed (although **not recommended**): "SEED", "3DES", "RC4"
.. note::
diff --git a/doc/relnotes/1_11_14.rst b/doc/relnotes/1_11_14.rst
new file mode 100644
index 000000000..0fabe190e
--- /dev/null
+++ b/doc/relnotes/1_11_14.rst
@@ -0,0 +1,9 @@
+1.11.14, Not Yet Released
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+* OCB mode, which provides a fast and constant time AEAD mode without
+ requiring hardware support, is now supported in TLS, following
+ draft-zauner-tls-aes-ocb-00. Because this specification is not yet
+ finalized is not yet enabled by the default policy, and the
+ ciphersuite numbers used are in the experimental range and may
+ conflict with other uses.
diff --git a/doc/relnotes/index.rst b/doc/relnotes/index.rst
index 24a13dfb9..ff92f9e4f 100644
--- a/doc/relnotes/index.rst
+++ b/doc/relnotes/index.rst
@@ -8,6 +8,7 @@ Series 1.11
.. toctree::
:maxdepth: 1
+ 1_11_14
1_11_13
1_11_12
1_11_11