NEWS
====

0.X
---

- Important: The file proxy-dh.pem is now required. tlsproxy-setup creates it,
  but running it will overwrite the existing proxy-*.pem files (which will
  invalidate all certificate-*-proxy.pem files). To create only proxy-dh.pem
  use:

    certtool --generate-dh-params --sec-param high --outfile proxy-dh.pem

- Use "SECURE" (replacing "NORMAL") as GnuTLS priority string which disallows
  insecure algorithms.
- Add -a option, authentication for tlsproxy via basic digest authentication.
- Add new debug level (-d 3) for even more debug output, including information
  about the current TLS session.
- Allow rehandshakes for server connections (%SAFE_RENEGOTIATION is forced to
  prevent security issues).
- Use pre-generated Diffie-Hellman parameters in proxy-dh.pem.
- Code cleanup.
- Better error handling.
- Fix compile with recent GnuTLS (e.g. 3.2.3).
- Improve (error) logging; log to stderr.
- Add (basic) man pages.
- Improve test suite.
- tlsproxy-setup: Increase expiry-date and use larger private key, generate
                  proxy-dh.pem.


0.2
---

- Add -u option, passthrough TLS connections to unknown hostnames.
- Add ./configure --disable-ipv6 for IPv4 only machines.
- Send HTML with error messages (not only headers).


0.1
---

- First release.