Changeset 9a26df9 in mod_gnutls


Ignore:
Timestamp:
Jun 24, 2020, 3:28:12 PM (4 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
master
Children:
3e7427a
Parents:
8d0efdc
Message:

Update Changelog

File:
1 edited

Legend:

Unmodified
Added
Removed
  • CHANGELOG

    r8d0efdc r9a26df9  
    1616  connections (TLS 1.3 connections only).
    1717
     18- Disable session tickets by default. The GnuTLS built-in key rotation
     19  for session tickets never actually changes the primary key, just
     20  derives keys from it, so it does not provide forward secrecy in case
     21  an attacker learns the primary key (by gaining access to server
     22  RAM). A reload of the server is enough to generate a new key, so
     23  consider enabling session tickets and reloading the server every few
     24  hours, at least until a forward-secret rotation can be implemented.
     25
    1826- Add ./configure option to disable building PDF documentation
     27
     28- Deprecate SRP and disable it by default.
    1929
    2030** Version 0.10.0 (2020-02-03)
Note: See TracChangeset for help on using the changeset viewer.