Branch: Tag:

2020-02-24

2020-02-24 00:09:58 by Tobias S. Josefowitz <tobij@tobij.de>

CHANGES: Document signature algorithm change

30:    The SSL module now supports session ticket both client and server side.    This functionality has been backported from 8.1/master.    + o Standards.X509 +  +  Standards.X509 now allows the user to select acceptable signature +  algorithms to be used in the verification of certificates. +    o Stdio.PROP_TTY       Stdio.File()->pipe() can now be used to create tty-capable
187:      o SSL    -  When verifying the hostname against the certificate, only accept * +  - When verifying the hostname against the certificate, only accept *    (wildcard) for one level, i.e. *.example.com matches foo.example.com,    but not www.foo.example.com. Previously, all levels were matched.    -  +  - No longer accept MD2, MD5, and SHA1 as signature algorithms when +  verification is requested. MD2 and MD5 are outright dangerous at +  this point, and SHA1 should no longer be very relevant as web +  browsers already force CAs for several years to no longer issue any +  SHA1 certs anymore. +  +  Acceptable signature algorithms are however configurable via +  SSL.Context now, in case support of older/insecure algorithms is +  vehemently required by an application. +    o SSL.File       Do not close automatically on write error.