Move 'shared_sigalgs' from cert_st to ssl_st

[oweals/openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index ef2a890d7c42040691d01417754b509942601b9a..0b9add534d1d9682506709f7b2cbead5a743740d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -9,6 +9,22 @@
 
  Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
 
+  *) Use SHA256 as the default digest for TS query in the ts app.
+     [Tomas Mraz]
+
+  *) Change PBKDF2 to conform to SP800-132 instead of the older PKCS5 RFC2898.
+     This checks that the salt length is at least 128 bits, the derived key
+     length is at least 112 bits, and that the iteration count is at least 1000.
+     For backwards compatibility these checks are disabled by default in the
+     default provider, but are enabled by default in the fips provider.
+     To enable or disable these checks use the control
+     EVP_KDF_CTRL_SET_PBKDF2_PKCS5_MODE.
+     [Shane Lontis]
+
+  *) Default cipher lists/suites are now avaialble via a function, the
+     #defines are deprecated.
+     [Todd Short]
+
   *) Add target VC-WIN32-UWP, VC-WIN64A-UWP, VC-WIN32-ARM-UWP and
      VC-WIN64-ARM-UWP in Windows OneCore target for making building libraries
      for Windows Store apps easier. Also, the "no-uplink" option has been added.
@@ -26,7 +42,7 @@
   *) Added command 'openssl kdf' that uses the EVP_KDF API.
      [Shane Lontis]
 
-   *) Added command 'openssl mac' that uses the EVP_MAC API.
+  *) Added command 'openssl mac' that uses the EVP_MAC API.
      [Shane Lontis]
 
   *) Added OPENSSL_info() to get diverse built-in OpenSSL data, such