From: Bodo Möller <bodo@openssl.org>
Date: Thu, 22 Jun 2006 12:37:28 +0000 (+0000)
Subject: Change in 0.9.8 branch:
X-Git-Tag: OpenSSL_0_9_8k^2~1241
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=81de1028bc8e2384af5e3f50fdad2e72f8cfc4f8;p=oweals%2Fopenssl.git

Change in 0.9.8 branch:
Put ECCdraft ciphersuites back into default build (but disabled
unless specifically requested)
---

diff --git a/CHANGES b/CHANGES
index f799225c8b..a2af507a1a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -315,9 +315,13 @@
 
  Changes between 0.9.8b and 0.9.8c  [xx XXX xxxx]
 
-  *) Disable "ECCdraft" ciphersuites (which were not part of the "ALL"
-     alias).  These are now excluded from compilation by default, since
-     OpenSSL 0.9.9[-dev] should be used for TLS with elliptic curves.
+  *) Disable "ECCdraft" ciphersuites more thoroughly.  Now special
+     treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
+     cannot be implicitly activated as part of, e.g., the "AES" alias.
+     However, please upgrade to OpenSSL 0.9.9[-dev] for
+     non-experimental use of the ECC ciphersuites to get TLS extension
+     support, which is required for curve and point format negotiation
+     to avoid potential handshake problems.
      [Bodo Moeller]
 
   *) Disable rogue ciphersuites: