X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=NEWS;h=5bf933b2a85f1d405162552ba554e465ce17953d;hb=8bfeaaf5e1ea9576bb18d56553b4214ee8b0e79f;hp=4327d395f9309e2165147f9529592a41da2eaa4c;hpb=6d66815519fcf6733651adb7c81c737fa2fe4189;p=tlsproxy%2Ftlsproxy.git

diff --git a/NEWS b/NEWS
index 4327d39..5bf933b 100644
--- a/NEWS
+++ b/NEWS
@@ -4,14 +4,23 @@ NEWS
 0.X
 ---
 
+- Important: The file proxy-dh.pem is now required. tlsproxy-setup creates it,
+  but running it will overwrite the existing proxy-*.pem files (which will
+  invalidate all certificate-*-proxy.pem files). To create only proxy-dh.pem
+  use:
+
+    certtool --generate-dh-params --sec-param high --outfile proxy-dh.pem
+
 - Add -a option, authentication for tlsproxy via basic digest authentication.
+- Use pre-generated Diffie-Hellman parameters in proxy-dh.pem.
 - Code cleanup.
 - Better error handling.
 - Fix compile with recent GnuTLS (e.g. 3.2.3).
 - Improve (error) logging; log to stderr.
 - Add (basic) man pages.
 - Improve test suite.
-- tlsproxy-setup: Increase expiry-date and use larger private key.
+- tlsproxy-setup: Increase expiry-date and use larger private key, generate
+                  proxy-dh.pem.
 
 
 0.2