Reduce the security bits for MD5 and SHA1 based signatures in TLS

This has as effect that SHA1 and MD5+SHA1 are no longer supported at security level 1, and that TLS < 1.2 is no longer supported at the default security level of 1, and that you need to set the security level to 0 to use TLS < 1.2. Reviewed-by: Tim Hudson <tjh@openssl.org> GH: #10787
author: Kurt Roeckx <kurt@roeckx.be> 2020-01-02 23:25:27 +0100
committer: Kurt Roeckx <kurt@roeckx.be> 2020-06-27 08:41:40 +0200
commit: aba03ae571ea677fc484daef00a21ca8f7e82708 (patch)
tree: bf3f446083418e99c72828d32986d616c2e4c66b /CHANGES.md
parent: 526f1f1acab4fe96f618ab785a5f2ecabf0035d5 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 982e677fcc..8f8ee33415 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -119,6 +119,14 @@ OpenSSL 3.0
 
    *Paul Dale*
 
+ * The security strength of SHA1 and MD5 based signatures in TLS has been
+   reduced. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer
+   working at the default security level of 1 and instead requires security
+   level 0. The security level can be changed either using the cipher string
+   with @SECLEVEL, or calling SSL_CTX_set_security_level().
+
+   *Kurt Roeckx*
+
  * EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH(), and
    EVP_PKEY_get0_EC_KEY() can now handle EVP_PKEYs with provider side
    internal keys, if they correspond to one of those built in types.
author	Kurt Roeckx <kurt@roeckx.be>	2020-01-02 23:25:27 +0100
committer	Kurt Roeckx <kurt@roeckx.be>	2020-06-27 08:41:40 +0200
commit	aba03ae571ea677fc484daef00a21ca8f7e82708 (patch)
tree	bf3f446083418e99c72828d32986d616c2e4c66b /CHANGES.md
parent	526f1f1acab4fe96f618ab785a5f2ecabf0035d5 (diff)