Reduce priority of 3DES ciphersuites

commit: 4a512281eccdac959f1a62a3047111120768c198 [log] [tgz]
author: Andres Amaya Garcia <andres.amayagarcia@arm.com> Tue Oct 30 18:21:41 2018 +0000
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Fri Mar 01 10:19:27 2019 +0100
tree: 3d798eb30eb158d41ad9c8b9280a658f8a2a3549
parent: 86016a03a1c28b5d4ddd4d27aa950794e3b51143 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 2500919..abd12d5 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -7,10 +7,8 @@
      which allows copy-less parsing of DER encoded X.509 CRTs,
      at the cost of additional lifetime constraints on the input
      buffer, but at the benefit of reduced RAM consumption.
-
-API Changes
-   * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
-     See the Features section for more information.
+   * Add MBEDTLS_REMOVE_3DES_CIPHERSUITES to allow removing 3DES ciphersuites
+     from the default list (inactive by default).
 
 Bugfix
    * Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined
@@ -53,6 +51,11 @@
      underlying OS actually guarantees.
    * Fix configuration queries in ssl-opt.h. #2030
    * Ensure that ssl-opt.h can be run in OS X. #2029
+   * Ciphersuites based on 3DES now have the lowest priority by default.
+
+API Changes
+   * Add a new X.509 API call `mbedtls_x509_parse_der_nocopy()`.
+     See the Features section for more information.
 
 = mbed TLS 2.16.0 branch released 2018-12-21
commit	4a512281eccdac959f1a62a3047111120768c198	[log] [tgz]
author	Andres Amaya Garcia <andres.amayagarcia@arm.com>	Tue Oct 30 18:21:41 2018 +0000
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Fri Mar 01 10:19:27 2019 +0100
tree	3d798eb30eb158d41ad9c8b9280a658f8a2a3549
parent	86016a03a1c28b5d4ddd4d27aa950794e3b51143 [diff] [blame]