NEWS about specifying trustchain HASH algorithm requirements

author: Martin Willi <martin@revosec.ch> 2012-06-12 14:43:55 +0200
committer: Martin Willi <martin@revosec.ch> 2012-06-12 15:01:39 +0200
commit: 5a6e5e0d2d2c62dc31e1866432a6584b3150f000 (patch)
tree: 1604587d93378bf139b32af13a3b51de47bcef22 /NEWS
parent: 7c4214bd385be9a754facec116562183c447bddc (diff)
download: strongswan-5a6e5e0d2d2c62dc31e1866432a6584b3150f000.tar.bz2
strongswan-5a6e5e0d2d2c62dc31e1866432a6584b3150f000.tar.xz
1 files changed, 7 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index b7d1104ab..45f7de835 100644
--- a/NEWS
+++ b/NEWS
@@ -15,6 +15,13 @@ strongswan-5.0.0
 - Source routes are reinstalled if interfaces are reactivated or IP addresses
   reappear.
 
+- In addition to trustchain key strength definitions for different public key
+  systems, the rightauth option now takes a list of signature hash algorithms
+  considered save for trustchain validation. For example, the setting
+  rightauth=rsa-2048-ecdsa-256-sha256-sha384-sha512 requires a trustchain
+  that uses at least RSA-2048 or ECDSA-256 keys and certificate signatures
+  using SHA-256 or better.
+
 
 strongswan-4.6.4
 ----------------
author	Martin Willi <martin@revosec.ch>	2012-06-12 14:43:55 +0200
committer	Martin Willi <martin@revosec.ch>	2012-06-12 15:01:39 +0200
commit	5a6e5e0d2d2c62dc31e1866432a6584b3150f000 (patch)
tree	1604587d93378bf139b32af13a3b51de47bcef22 /NEWS
parent	7c4214bd385be9a754facec116562183c447bddc (diff)
download	strongswan-5a6e5e0d2d2c62dc31e1866432a6584b3150f000.tar.bz2 strongswan-5a6e5e0d2d2c62dc31e1866432a6584b3150f000.tar.xz