Changelog entry and migration guide for hash and curve profile upgrades Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 3758fd6b79914d060124b5492da85a5693672bb5 [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Wed Jun 02 00:07:17 2021 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Thu Jun 17 21:46:14 2021 +0200
tree: 5f206c3b17a1c3c4b7772866e9248be15f98d319
parent: ae270bf3860aad2c68430d6381be586a72c4f1ab [diff] [blame]
diff --git a/ChangeLog.d/default-curves.txt b/ChangeLog.d/default-curves.txt
new file mode 100644
index 0000000..1a80562
--- /dev/null
+++ b/ChangeLog.d/default-curves.txt

@@ -0,0 +1,8 @@
+Default behavior changes
+   * Some default policies for X.509 certificate verification and TLS have
+     changed: curves and hashes weaker than 255 bits are no longer accepted
+     by default.
+
+Removals
+   * Remove the compile-time option
+     MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE.
commit	3758fd6b79914d060124b5492da85a5693672bb5	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Wed Jun 02 00:07:17 2021 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Thu Jun 17 21:46:14 2021 +0200
tree	5f206c3b17a1c3c4b7772866e9248be15f98d319
parent	ae270bf3860aad2c68430d6381be586a72c4f1ab [diff] [blame]