[ssl] Add SSL_kDHEPSK and SSL_kECDHEPSK as PFS ciphersuites for SECLEVEL >= 3

Fixes #17743 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17763) (cherry picked from commit b139a95665eb023b38695d62d9dfc28f3fb89972)
author: Nicola Tuveri <nic.tuv@gmail.com> 2022-02-22 16:26:26 +0200
committer: Nicola Tuveri <nic.tuv@gmail.com> 2022-03-02 00:02:10 +0200
commit: a108f66bf4f6edbe436179e62301d8c08bd53aa2 (patch)
tree: 7ae383b4f1929ff91d47e118b1dd13894698ff8e /CHANGES.md
parent: 1925edb2586e00cc502a325271f5528200dc1914 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index a7980daaeb..990442f171 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,12 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 ### Changes between 3.0.1 and 3.0.2 [xx XXX xxxx]
 
+ * Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
+   to the list of ciphersuites providing Perfect Forward Secrecy as
+   required by SECLEVEL >= 3.
+
+   *Dmitry Belyavskiy, Nicola Tuveri*
+
  * Made the AES constant time code for no-asm configurations
    optional due to the resulting 95% performance degradation.
    The AES constant time code can be enabled, for no assembly
author	Nicola Tuveri <nic.tuv@gmail.com>	2022-02-22 16:26:26 +0200
committer	Nicola Tuveri <nic.tuv@gmail.com>	2022-03-02 00:02:10 +0200
commit	a108f66bf4f6edbe436179e62301d8c08bd53aa2 (patch)
tree	7ae383b4f1929ff91d47e118b1dd13894698ff8e /CHANGES.md
parent	1925edb2586e00cc502a325271f5528200dc1914 (diff)