NEWS: updated [ci skip]

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

diff --git a/NEWS b/NEWS
index 87862db2a501b2be237fa275a70c3e1ed635b5c2..4efc209fdd7be39bc219323af5d375ad9487377f 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,17 @@ See the end for copying conditions.
 ** libgnutls: Provide the option of transparent re-handshake/reauthentication
    when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init().
 
+** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
+
+** libgnutls: The priority functions will ignore and not enable TLS1.3 if
+   requested with legacy TLS versions enabled but not TLS1.2. That is because
+   if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
+   servers which do not support TLS1.3 will negotiate TLS1.2 which will be
+   rejected by the client as disabled (#621).
+
+** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
+   in the priority string. It is only accepted as legacy option and is ignored.
+
 ** libgnutls: Added support for AES-CFB8 cipher (#357)
 
 ** libgnutls: Added support for AES-CMAC MAC (#351)
@@ -18,26 +29,15 @@ See the end for copying conditions.
    have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
    S-BOXes). They are fixed now.
 
-** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
-   in the priority string. It is only accepted as legacy option and is ignored.
-
-** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
-
 ** libgnutls: Added support for GOST key unmasking and unwrapped GOST private
    keys parsing, as specified in R 50.1.112-2016.
 
-** libgnutls: The priority functions will ignore and not enable TLS1.3 if
-   requested with legacy TLS versions enabled but not TLS1.2. That is because
-   if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
-   servers which do not support TLS1.3 will negotiate TLS1.2 which will be
-   rejected by the client as disabled (#621).
+** gnutls-serv: It applies the default settings when no --priority option is given,
+   using gnutls_set_default_priority().
 
 ** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin
    option (#561)
 
-** gnutls-serv: It applies the default settings when no --priority option is given,
-   using gnutls_set_default_priority().
-
 ** certtool: Add parameter --no-text that prevents certtool from outputting
    text before PEM-encoded private key, public key, certificate, CRL or CSR.