Deprecate SRP suites [ci skip]

This is kind of implicit by the deprecation of CBC ciphersuites but should be called out more clearly.
author: Jack Lloyd <[email protected]> 2018-11-25 09:59:51 -0500
committer: Jack Lloyd <[email protected]> 2018-11-26 10:37:42 -0500
commit: a512d682fbaf5533b68edefc971e113a68c37037 (patch)
tree: d25d9bef4ee2e0af0acce9878cb53b9f933f36fa /doc
parent: 761a7f36f708b44c7af1dc9387f324d509b4acf6 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/manual/deprecated.rst b/doc/manual/deprecated.rst
index 14a98606d..62c7c1b97 100644
--- a/doc/manual/deprecated.rst
+++ b/doc/manual/deprecated.rst
@@ -39,6 +39,10 @@ in the source.
 
 - TLS: DHE-PSK ciphersuites
 
+- TLS: SRP ciphersuites. All available TLS-SRP suites use obsolete
+  ciphers. It would be better to instead perform a standard TLS
+  negotiation, then a PAKE authentication within the TLS channel.
+
 - TLS: DSA ciphersuites/certs
 
 - TLS: static RSA key exchange ciphersuites
author	Jack Lloyd <[email protected]>	2018-11-25 09:59:51 -0500
committer	Jack Lloyd <[email protected]>	2018-11-26 10:37:42 -0500
commit	a512d682fbaf5533b68edefc971e113a68c37037 (patch)
tree	d25d9bef4ee2e0af0acce9878cb53b9f933f36fa /doc
parent	761a7f36f708b44c7af1dc9387f324d509b4acf6 (diff)