]> ruderich.org/simon Gitweb - tlsproxy/tlsproxy.git/blobdiff - NEWS
ruderich.org/simon / tlsproxy / tlsproxy.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Disable RC4.
[tlsproxy/tlsproxy.git] / NEWS
diff --git a/NEWS b/NEWS
index 9735d131d410cd5c8433e58bc8a0901f16cf5726..3078a208bb2529cb4f210d879438d26a40d5ffad 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -11,10 +11,13 @@ NEWS
 
     certtool --generate-dh-params --sec-param high --outfile proxy-dh.pem
 
-- Use "SECURE" as GnuTLS priority string which disallows insecure algorithms.
+- Use "SECURE" (replacing "NORMAL") as GnuTLS priority string which disallows
+  insecure algorithms.
 - Add -a option, authentication for tlsproxy via basic digest authentication.
 - Add new debug level (-d 3) for even more debug output, including information
   about the current TLS session.
+- Allow rehandshakes for server connections (%SAFE_RENEGOTIATION is forced to
+  prevent security issues).
 - Use pre-generated Diffie-Hellman parameters in proxy-dh.pem.
 - Code cleanup.
 - Better error handling.
Certificate verifying tlsproxy, prevents MITMs by (manipulated) CAs by verifying the server certificate.