aboutsummaryrefslogtreecommitdiffstats
path: root/news.rst
diff options
context:
space:
mode:
Diffstat (limited to 'news.rst')
-rw-r--r--news.rst15
1 files changed, 15 insertions, 0 deletions
diff --git a/news.rst b/news.rst
index 2055485ef..4d37c84ed 100644
--- a/news.rst
+++ b/news.rst
@@ -17,6 +17,21 @@ Version 1.11.34, Not Yet Released
* Salsa20 now accepts a null IV as equivalent to an all-zero one (GH #697)
+* Optimize ECKCDSA verification (GH #700 #701 #702)
+
+* A plain sockets version of the HTTP client has been added, so OCSP
+ checks occur even in non-Boost builds.
+
+* The default TLS policy now disables static RSA ciphersuites, all DSA ciphersuites,
+ and the AES CCM-8 ciphersuites.
+
+ Disabling static RSA by default protects servers from oracle attacks,
+ as well as enforcing a forward secure ciphersuite. Some applications
+ may be forced to re-enable RSA to interop with old or misconfigured peers.
+
+ DSA and CCM-8 are rarely used, and likely should not be negotiated
+ outside of special circumstances.
+
* The deprecated RNGs HMAC_RNG and X9.31 RNG have been removed. Now the only
userspace PRNG included in the library is HMAC_DRBG. (GH #692)