** libgnutls: Provide the option of transparent re-handshake/reauthentication
when the GNUTLS_AUTO_REAUTH flag is specified in gnutls_init().
+** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
+
+** libgnutls: The priority functions will ignore and not enable TLS1.3 if
+ requested with legacy TLS versions enabled but not TLS1.2. That is because
+ if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
+ servers which do not support TLS1.3 will negotiate TLS1.2 which will be
+ rejected by the client as disabled (#621).
+
+** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
+ in the priority string. It is only accepted as legacy option and is ignored.
+
** libgnutls: Added support for AES-CFB8 cipher (#357)
** libgnutls: Added support for AES-CMAC MAC (#351)
have incorrectly used CryptoPro-A S-BOX instead of proper (CryptoPro-B/-C/-D
S-BOXes). They are fixed now.
-** libgnutls: gnutls_priority_init() and friends, allow the CTYPE-OPENPGP keyword
- in the priority string. It is only accepted as legacy option and is ignored.
-
-** libgnutls: Added support for TLS 1.3 zero round-trip (0-RTT) mode (#127)
-
** libgnutls: Added support for GOST key unmasking and unwrapped GOST private
keys parsing, as specified in R 50.1.112-2016.
-** libgnutls: The priority functions will ignore and not enable TLS1.3 if
- requested with legacy TLS versions enabled but not TLS1.2. That is because
- if such a priority string is used in the client side (e.g., TLS1.3+TLS1.0 enabled)
- servers which do not support TLS1.3 will negotiate TLS1.2 which will be
- rejected by the client as disabled (#621).
+** gnutls-serv: It applies the default settings when no --priority option is given,
+ using gnutls_set_default_priority().
** p11tool: Fix initialization of security officer's PIN with the --initialize-so-pin
option (#561)
-** gnutls-serv: It applies the default settings when no --priority option is given,
- using gnutls_set_default_priority().
-
** certtool: Add parameter --no-text that prevents certtool from outputting
text before PEM-encoded private key, public key, certificate, CRL or CSR.