author Jack Lloyd <[email protected]> 2016-12-30 21:46:04 -0500
committer Jack Lloyd <[email protected]> 2016-12-30 21:46:04 -0500
commit 122754bf3dd27ffb81262affc16c78b5a513ed9e (patch)
tree b13f1efcb2a1b99e88e6b10c53b6e1d597b00337 /news.rst
parent 0012c59f23ff0d99dc3fd91594040255cd2924bd (diff)
Increase default TLS DH min to 2048 bits, and add BSI policy class.
Moves BSI policy file to test data dir where it can be compared with what the hardcoded class outputs.
Diffstat (limited to 'news.rst')
-rw-r--r-- news.rst 4
1 files changed, 4 insertions, 0 deletions
diff --git a/news.rst b/news.rst
index f45aa2a8d..7826d2cee 100644
--- a/news.rst
+++ b/news.rst
@@ -24,6 +24,10 @@ Version 1.11.35, Not Yet Released
* Allow use of custom extensions when creating X.509 certificates (GH #744)
+* The default TLS policy now requires 2048 or larger DH groups by default.
+
+* Add BSI_TR_02102_2 TLS::Policy subclass representing BSI TR-02102-2 recomendations.
+
* The default Path_Validation_Restrictions constructor has changed to
require at least 110 bit signature strength. This means 1024 bit RSA
certificates and also SHA-1 certificates are rejected by default.
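Review bot: The new DH entry records a behaviour change but not its consequence, unlike the Path_Validation_Restrictions entry just below it, which spells out what gets rejected. Suggest saying that handshakes offering a DH group smaller than 2048 bits are now refused under the default policy, and that applications needing the old behaviour have to supply their own policy. The wording "The default TLS policy now requires ... by default" also says "default" twice; the trailing "by default" can go. In the BSI_TR_02102_2 line, "recomendations" should be "recommendations", and that line runs past the wrap width used by the other entries in this file.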