diff options
author | Pauli <pauli@openssl.org> | 2022-05-04 11:26:02 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2022-05-06 10:43:40 +1000 |
commit | 3226a37a4875567f2bf49aa44a727bcb67bb7dcd (patch) | |
tree | 07a0cc0fafd58d2ed7c0dfac98338e65164c487a /NEWS.md | |
parent | 37a6e9efe013f9e6a840e38beb81e44b9fee3629 (diff) | |
download | openssl-3226a37a4875567f2bf49aa44a727bcb67bb7dcd.zip openssl-3226a37a4875567f2bf49aa44a727bcb67bb7dcd.tar.gz openssl-3226a37a4875567f2bf49aa44a727bcb67bb7dcd.tar.bz2 |
Correct NEWS entry about required security level for old versions of TLS, DTLS and SSL
The entry was incorrect because suites using RSA key exchange without SHA1
were permitted at security level 1.
Partial fix for #18194
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/18234)
Diffstat (limited to 'NEWS.md')
-rw-r--r-- | NEWS.md | 3 |
1 files changed, 2 insertions, 1 deletions
@@ -115,7 +115,8 @@ OpenSSL 3.0 RC4, RC5 and SEED cipher functions have been deprecated. * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions have been deprecated. - * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0. + * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0, + except when RSA key exchange without SHA1 is used. * Added providers, a new pluggability concept that will replace the ENGINE API and ENGINE implementations. |