]> ruderich.org/simon Gitweb - tlsproxy/tlsproxy.git/blobdiff - NEWS
ruderich.org/simon / tlsproxy / tlsproxy.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use "SECURE:-SHA1:+SHA1" as GnuTLS priority string.
[tlsproxy/tlsproxy.git] / NEWS
diff --git a/NEWS b/NEWS
index 184b0d6fff0a178979df39b507bbd8e49e131cbd..30b8672d573f85de031f18e07f3e8a8b0c7399a5 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,12 +1,36 @@
 NEWS
 ====
 
+0.X
+---
+
+- Important: The file proxy-dh.pem is now required. tlsproxy-setup creates it,
+  but running it will overwrite the existing proxy-*.pem files. To create only
+  proxy-dh.pem use:
+
+    certtool --generate-dh-params --sec-param high --outfile proxy-dh.pem
+
+- Add -a option, authentication for tlsproxy via basic digest authentication.
+- Use pre-generated Diffie-Hellman parameters in proxy-dh.pem.
+- Code cleanup.
+- Better error handling.
+- Fix compile with recent GnuTLS (e.g. 3.2.3).
+- Improve (error) logging; log to stderr.
+- Add (basic) man pages.
+- Improve test suite.
+- tlsproxy-setup: Increase expiry-date and use larger private key, generate
+                  proxy-dh.pem.
+
+
 0.2
 ---
-- add -u option, passthrough TLS connections to unknown hostnames
-- add ./configure --disable-ipv6 for IPv4 only machines
-- send HTML with error messages (not only headers)
+
+- Add -u option, passthrough TLS connections to unknown hostnames.
+- Add ./configure --disable-ipv6 for IPv4 only machines.
+- Send HTML with error messages (not only headers).
+
 
 0.1
 ---
-- first release
+
+- First release.
Certificate verifying tlsproxy, prevents MITMs by (manipulated) CAs by verifying the server certificate.