Diffstat (limited to 'doc/relnotes')
-rw-r--r-- | doc/relnotes/1_11_1.rst | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/doc/relnotes/1_11_1.rst b/doc/relnotes/1_11_1.rst index 79a304e50..8d46e04f3 100644 --- a/doc/relnotes/1_11_1.rst +++ b/doc/relnotes/1_11_1.rst @@ -20,10 +20,14 @@ from memory dumps (eg with a cold boot attack). The keys used in :cpp:func:`session encryption <TLS::Session::encrypt>` were previously uniquely determined by the master key. Now the encrypted session blob includes two 80 bit salts which are used in the -derivation of the cipher and MAC keys. Sessions saved by 1.11.0 will -not load in this version and vice versa. In both cases this will not -cause any errors, the session will simply not resume and instead a -full handshake will occur. +derivation of the cipher and MAC keys. + +The ``secure_renegotiation`` flag is now considered an aspect of the +connection rather than the session, which matches the behavior of +other implementations. As the format has changed, sessions saved to +persistent storage by 1.11.0 will not load in this version and vice +versa. In either case this will not cause any errors, the session will +simply not resume and instead a full handshake will occur. New policy hooks :cpp:func:`TLS::Policy::acceptable_protocol_version` and :cpp:func:`TLS::Policy::allow_server_initiated_renegotiation` were |
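Review bot: In the added paragraph, "As the format has changed" ties the 1.11.0 incompatibility to the ``secure_renegotiation`` change alone, although the preceding paragraph says the encrypted session blob now includes two 80 bit salts, and that paragraph carried the incompatibility sentence before this change. Consider giving the compatibility note its own paragraph, or naming both changes as the cause, so a reader does not conclude that the salt change by itself leaves saved sessions loadable. The closing sentence is also a comma splice; "In either case this will not cause any errors; the session will simply not resume and a full handshake will occur instead" reads more cleanly.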