Add changelog entry

commit: 2e51098b34ff57cd9601f2ad27faae9e296eb237 [log] [tgz]
author: Jarno Lamsa <jarno.lamsa@arm.com> Thu Jun 13 10:42:13 2019 +0300
committer: Jarno Lamsa <jarno.lamsa@arm.com> Thu Jun 13 10:42:13 2019 +0300
tree: 0b85cd36f52afacf206692abbb51c2add943a340
parent: 31d940ba5e55f64c1548145a28a08eb94ac1aade [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index e769dc2..a48baf4 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -24,6 +24,14 @@
      mbedtls_ssl_session_load() to allow serializing a session, for example to
      store it in non-volatile storage, and later using it for TLS session
      resumption.
+   * Add new API function mbedtls_ssl_conf_extended_master_secret_enforce() to
+     allow enforcing the usage of ExtendedMasterSecret extension. If the
+     extension is used and this option is enabled, handshakes not leading to
+     the use of the extended master secret will be aborted. On the server,
+     fail the handshake if client doesn't advertise the ExtendedMasterSecret
+     extension. On the client, fail the handshake if the server doesn't
+     consent to the use of the ExtendedMasterSecret extension in its
+     ServerHello.
 
 Bugfix
    * Server's RSA certificate in certs.c was SHA-1 signed. In the default
commit	2e51098b34ff57cd9601f2ad27faae9e296eb237	[log] [tgz]
author	Jarno Lamsa <jarno.lamsa@arm.com>	Thu Jun 13 10:42:13 2019 +0300
committer	Jarno Lamsa <jarno.lamsa@arm.com>	Thu Jun 13 10:42:13 2019 +0300
tree	0b85cd36f52afacf206692abbb51c2add943a340
parent	31d940ba5e55f64c1548145a28a08eb94ac1aade [diff] [blame]