From 81de1028bc8e2384af5e3f50fdad2e72f8cfc4f8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bodo=20M=C3=B6ller?= Date: Thu, 22 Jun 2006 12:37:28 +0000 Subject: [PATCH] Change in 0.9.8 branch: Put ECCdraft ciphersuites back into default build (but disabled unless specifically requested) --- CHANGES | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index f799225c8..a2af507a1 100644 --- a/CHANGES +++ b/CHANGES @@ -315,9 +315,13 @@ Changes between 0.9.8b and 0.9.8c [xx XXX xxxx] - *) Disable "ECCdraft" ciphersuites (which were not part of the "ALL" - alias). These are now excluded from compilation by default, since - OpenSSL 0.9.9[-dev] should be used for TLS with elliptic curves. + *) Disable "ECCdraft" ciphersuites more thoroughly. Now special + treatment in ssl/ssl_ciph.s makes sure that these ciphersuites + cannot be implicitly activated as part of, e.g., the "AES" alias. + However, please upgrade to OpenSSL 0.9.9[-dev] for + non-experimental use of the ECC ciphersuites to get TLS extension + support, which is required for curve and point format negotiation + to avoid potential handshake problems. [Bodo Moeller] *) Disable rogue ciphersuites: