projects / oweals / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Reorganize the internal evp_keymgmt functions
[oweals/openssl.git] / NEWS
diff --git a/NEWS b/NEWS
index de439d6bb134509597989994b8e916d9ddca2daf..4d7f0d01c6e45c862e5fa3b889bafa9f0607946c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -7,6 +7,10 @@
 
   Major changes between OpenSSL 1.1.1 and OpenSSL 3.0.0 [under development]
 
+      o X509 certificates signed using SHA1 are no longer allowed at security
+        level 1 or higher. The default security level for TLS is 1, so
+        certificates signed using SHA1 are by default no longer trusted to
+        authenticate servers or clients.
       o enable-crypto-mdebug and enable-crypto-mdebug-backtrace were mostly
         disabled; the project uses address sanitize/leak-detect instead.
       o Added OSSL_SERIALIZER, a generic serializer API.
Unnamed repository; edit this file 'description' to name the repository.