Expand the CHANGES entry for SHA1 and libssl

As well as SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 not working at security level 1 we also document that TLS 1.2 connection will fail if the ClientHello does not have a signature algorithms extension. Fixes #14447 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14465)
author: Matt Caswell <matt@openssl.org> 2021-03-08 16:23:14 +0000
committer: Matt Caswell <matt@openssl.org> 2021-03-10 16:02:35 +0000
commit: 0966aee5ed1e543a3f598713d28194c5c1fd40da (patch)
tree: 2bd0ab8bcea3fb4dd56a20d0355a680330bf33a0 /CHANGES.md
parent: f74f416b915afaa94d2bb7b2a942491450fe5b7b (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 695e43dfef..106f0b08d8 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -568,7 +568,12 @@ OpenSSL 3.0
    reduced. This results in SSL 3, TLS 1.0, TLS 1.1 and DTLS 1.0 no longer
    working at the default security level of 1 and instead requires security
    level 0. The security level can be changed either using the cipher string
-   with `@SECLEVEL`, or calling `SSL_CTX_set_security_level()`.
+   with `@SECLEVEL`, or calling `SSL_CTX_set_security_level()`. This also means
+   that where the signature algorithms extension is missing from a ClientHello
+   then the handshake will fail in TLS 1.2 at security level 1. This is because,
+   although this extension is optional, failing to provide one means that
+   OpenSSL will fallback to a default set of signature algorithms. This default
+   set requires the availability of SHA1.
 
    *Kurt Roeckx*
author	Matt Caswell <matt@openssl.org>	2021-03-08 16:23:14 +0000
committer	Matt Caswell <matt@openssl.org>	2021-03-10 16:02:35 +0000
commit	0966aee5ed1e543a3f598713d28194c5c1fd40da (patch)
tree	2bd0ab8bcea3fb4dd56a20d0355a680330bf33a0 /CHANGES.md
parent	f74f416b915afaa94d2bb7b2a942491450fe5b7b (diff)