| author | Jack Lloyd <[email protected]> | 2015-11-13 12:52:20 -0500 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2015-11-13 12:52:20 -0500 |
| commit | 406c57f09eac849c10807b74c8e7ba051a6a5c2c (patch) | |
| tree | fcb26fab346948c2647ff7db4144bb9d5ed07295 /doc | |
| parent | 3dbcfb6297acfdb8818742acfb0fa9ffe70bcdbc (diff) | |
Add TLS_PSK tests
Fix a bug which rejected any short server key exchanges. These can
occur with a plain PSK with short or empty identity hints.
Disable SHA-224 by default.
Remove some vestigial RC4 cruft.
Push more on the TLS corruption tests.
Diffstat (limited to 'doc')

| -rw-r--r-- | doc/manual/tls.rst | 3 |
| -rw-r--r-- | doc/news.rst | 8 |

2 files changed, 10 insertions, 1 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index f96f27620..1926d5c08 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -560,8 +560,9 @@ policy settings from a file. Returns the list of algorithms we are willing to use for public key signatures, in order of preference. - Default: "SHA-512", "SHA-384", "SHA-256", "SHA-224" + Default: "SHA-512", "SHA-384", "SHA-256" + Also allowed: "SHA-224" Also allowed (although **not recommended**): "MD5", "SHA-1" .. note:: diff --git a/doc/news.rst b/doc/news.rst index 240d5e67d..f45de0bae 100644 --- a/doc/news.rst +++ b/doc/news.rst @@ -17,6 +17,14 @@ Version 1.11.25, Not Yet Released * Fixed the signature of botan_pubkey_destroy which took the wrong type and was not usable. +* The TLS client would erronously reject any server key exchange + packet smaller than 6 bytes. This prevented negotiating a plain PSK + TLS ciphersuite with an empty identity hint. ECDHE_PSK and DHE_PSK + suites were not affected. + +* Support for negotiating use of SHA-224 in TLS has been disabled in the + default policy. + Version 1.11.24, 2015-11-04 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
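Review bot: in the tls.rst hunk, the two consecutive "Also allowed" lines leave SHA-224 in an unexplained middle category between the default list and the "not recommended" MD5/SHA-1 line. Either fold it into a single sentence or add a short reason for dropping SHA-224 from the default, so a reader of this policy setting knows whether re-enabling it is reasonable; the news.rst entry in the same patch only states that it was disabled, not why.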
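Review bot: "erronously" in the first added bullet of the news.rst hunk should be "erroneously". The second bullet says SHA-224 is disabled in the default policy but not how a deployment that relied on it can restore it; since the tls.rst hunk in this same patch keeps "SHA-224" under "Also allowed" for the signature-hash policy setting, naming that setting in the news entry would save such users a search.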