zzy/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Correct NEWS entry about required security level for old versions of TLS, DTLS and SSL

Browse Source 
The entry was incorrect because suites using RSA key exchange without SHA1
were permitted at security level 1.

Partial fix for #18194

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18234)

(cherry picked from commit 3226a37a4875567f2bf49aa44a727bcb67bb7dcd)
This commit is contained in:
Pauli 2022-05-04 11:26:02 +10:00
parent 16ff70a58c
commit 50d1d92de9
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
NEWS.md
View File

@ -122,7 +122,8 @@ OpenSSL 3.0
RC4, RC5 and SEED cipher functions have been deprecated.
* All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions
have been deprecated.
* SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
* SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0,
except when RSA key exchange without SHA1 is used.
* Added providers, a new pluggability concept that will replace the
ENGINE API and ENGINE implementations.