diff --git a/ChangeLog b/ChangeLog index 96a09ae72..582a9df2c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -20,9 +20,9 @@ Security (found using Codenomicon Defensics). Features - * Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv) - * Add support for Extended Master Secret (draft-ietf-tls-session-hash) - * Add support for Encrypt-then-MAC (RFC 7366) + * Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv). + * Add support for Extended Master Secret (draft-ietf-tls-session-hash). + * Add support for Encrypt-then-MAC (RFC 7366). * Add function pk_check_pair() to test if public and private keys match. * Add x509_crl_parse_der(). * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the @@ -33,7 +33,7 @@ Features for pre-1.2 clients when multiple certificates are available. * Add support for getrandom() syscall on recent Linux kernels with Glibc or a compatible enough libc (eg uClibc). - * Add ssl_set_arc4_support() to make it easier to diable RC4 at runtime + * Add ssl_set_arc4_support() to make it easier to disable RC4 at runtime while using the default ciphersuite list. Bugfix @@ -41,8 +41,8 @@ Bugfix add_len (found by Jean-Philippe Aumasson) (not triggerable remotely). * Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE if memory_buffer_alloc_init() was called with buf not aligned and len not - a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE. - * User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found + a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE (not triggerable remotely). + * User set CFLAGS were ignored by Cmake with gcc (introduced in 1.3.9, found by Julian Ospald). * Fix potential undefined behaviour in Camellia. * Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a 
@@ -60,7 +60,7 @@ Changes * A specific error is now returned when there are ciphersuites in common but none of them is usable due to external factors such as no certificate with a suitable (extended)KeyUsage or curve or no PSK set. - * It is now possible to disable neogtiation of truncated HMAC server-side + * It is now possible to disable negotiation of truncated HMAC server-side at runtime with ssl_set_truncated_hmac(). * Example programs for SSL client and server now disable SSLv3 by default. * Example programs for SSL client and server now disable RC4 by default.
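Review bot: In the first Features hunk (@@ -20,9 +20,9 @@), the three entries still cite draft-ietf-tls-downgrade-scsv and draft-ietf-tls-session-hash without a draft revision number; while touching these lines, consider pinning the revision that was implemented (e.g. "draft-ietf-tls-downgrade-scsv-NN"), since wire-format and semantic details can change between draft revisions and a reader of the ChangeLog cannot otherwise tell which behaviour the release ships. The trailing-period additions themselves are consistent with the surrounding list ("Add function pk_check_pair() to test if public and private keys match.").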
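Review bot: In the Bugfix hunk (@@ -41,8 +41,8 @@), the "(not triggerable remotely)" qualifier added to the memory_buffer_alloc_init() overflow entry is a substantive security statement folded into what is otherwise a typo patch ("ignore" to "ignored", "diable" to "disable"); it should be called out in the commit message rather than appear silently, and the justification should be stated: the misaligned buf and the non-multiple len are both arguments supplied by the calling application, so the condition cannot be reached by a peer. With that reasoning recorded, the wording matches the preceding entry ("(not triggerable remotely)") and the entry reads consistently.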