Merge new security defaults for programs (RC4 disabled, SSL3 disabled)

commit: 5b8f7eaa3e876298402e96dcda1b73c7e7a8f0f1 [log] [tgz]
author: Paul Bakker <p.j.bakker@polarssl.org> Wed Jan 14 16:26:54 2015 +0100
committer: Paul Bakker <p.j.bakker@polarssl.org> Wed Jan 14 16:26:54 2015 +0100
tree: ce1f7934a89526ee39bf158da03a71d81491eb12
parent: 36adc3631caa03dc91b113f81f26aa8543629e52 [diff] [blame]
parent: fa06581c73f560df57738d6ea72452cdbbb451f2 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index d336409..96a09ae 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -33,6 +33,8 @@
      for pre-1.2 clients when multiple certificates are available.
    * Add support for getrandom() syscall on recent Linux kernels with Glibc or
      a compatible enough libc (eg uClibc).
+   * Add ssl_set_arc4_support() to make it easier to diable RC4 at runtime
+     while using the default ciphersuite list.
 
 Bugfix
    * Stack buffer overflow if ctr_drbg_update() is called with too large
@@ -60,6 +62,8 @@
      with a suitable (extended)KeyUsage or curve or no PSK set.
    * It is now possible to disable neogtiation of truncated HMAC server-side
      at runtime with ssl_set_truncated_hmac().
+   * Example programs for SSL client and server now disable SSLv3 by default.
+   * Example programs for SSL client and server now disable RC4 by default.
 
 = PolarSSL 1.3.9 released 2014-10-20
 Security
commit	5b8f7eaa3e876298402e96dcda1b73c7e7a8f0f1	[log] [tgz]
author	Paul Bakker <p.j.bakker@polarssl.org>	Wed Jan 14 16:26:54 2015 +0100
committer	Paul Bakker <p.j.bakker@polarssl.org>	Wed Jan 14 16:26:54 2015 +0100
tree	ce1f7934a89526ee39bf158da03a71d81491eb12
parent	36adc3631caa03dc91b113f81f26aa8543629e52 [diff] [blame]
parent	fa06581c73f560df57738d6ea72452cdbbb451f2 [diff] [blame]