mirror of https://github.com/openssl/openssl
Add a NEWS entry covering the FIPS related changes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21386)
(cherry picked from commit dfc4b6c93b
)
This commit is contained in:
parent
15e041b751
commit
7a3d32ae46
11
CHANGES.md
11
CHANGES.md
|
@ -284,7 +284,16 @@ OpenSSL 3.2
|
|||
OpenSSL 3.1
|
||||
-----------
|
||||
|
||||
### Changes between 3.1.0 and 3.1.1 [xx XXX xxxx]
|
||||
### Changes between 3.1.1 and 3.1.2 [xx XXX xxxx]
|
||||
|
||||
* When building with the `enable-fips` option and using the resulting
|
||||
FIPS provider, TLS 1.2 will, by default, mandate the use of an extended
|
||||
master secret (FIPS 140-3 IG G.Q) and the Hash and HMAC DRBGs will
|
||||
not operate with truncated digests (FIPS 140-3 IG G.R).
|
||||
|
||||
*Paul Dale*
|
||||
|
||||
### Changes between 3.1.0 and 3.1.1 [30 May 2023]
|
||||
|
||||
* Mitigate for the time it takes for `OBJ_obj2txt` to translate gigantic
|
||||
OBJECT IDENTIFIER sub-identifiers to canonical numeric text form.
|
||||
|
|
9
NEWS.md
9
NEWS.md
|
@ -37,7 +37,14 @@ OpenSSL 3.2
|
|||
OpenSSL 3.1
|
||||
-----------
|
||||
|
||||
### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [under development]
|
||||
### Major changes between OpenSSL 3.1.1 and OpenSSL 3.1.2 [under development]
|
||||
|
||||
* When building with the `enable-fips` option and using the resulting
|
||||
FIPS provider, TLS 1.2 will, by default, mandate the use of an
|
||||
extended master secret and the Hash and HMAC DRBGs will not operate
|
||||
with truncated digests.
|
||||
|
||||
### Major changes between OpenSSL 3.1.0 and OpenSSL 3.1.1 [30 May 2023]
|
||||
|
||||
* Mitigate for very slow `OBJ_obj2txt()` performance with gigantic OBJECT
|
||||
IDENTIFIER sub-identities. ([CVE-2023-2650])
|
||||
|
|
Loading…
Reference in New Issue