Revise s_client and s_server verbiage re secure renegotiation.

Since TLS v1.3 eschews renegotiation entirely it’s misleading to have these apps say it’s “not supported” when in fact the TLS version is new enough not to need renegotiation at all. Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16937)
author: Felipe Gasper <felipe@felipegasper.com> 2021-10-28 10:13:47 -0400
committer: Tomas Mraz <tomas@openssl.org> 2021-11-02 16:30:10 +0100
commit: af5e63e1e3300f784f302a5d3309bf673cc08894 (patch)
tree: 80b29cb3085b48eb17744aa74d5247fa572b7677 /CHANGES.md
parent: e81c81c9af8a5d22658110d2dc753582eb87a58e (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 4902332206..940d450fdf 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,6 +24,13 @@ OpenSSL 3.1
 
 ### Changes between 3.0 and 3.1 [xx XXX xxxx]
 
+ * s_client and s_server apps now explicitly say when the TLS version
+   does not include the renegotiation mechanism. This avoids confusion
+   between that scenario versus when the TLS version includes secure
+   renegotiation but the peer lacks support for it.
+
+   *Felipe Gasper*
+
  * The default SSL/TLS security level has been changed from 1 to 2. RSA,
    DSA and DH keys of 1024 bits and above and less than 2048 bits and ECC keys
    of 160 bits and above and less than 224 bits were previously accepted by
author	Felipe Gasper <felipe@felipegasper.com>	2021-10-28 10:13:47 -0400
committer	Tomas Mraz <tomas@openssl.org>	2021-11-02 16:30:10 +0100
commit	af5e63e1e3300f784f302a5d3309bf673cc08894 (patch)
tree	80b29cb3085b48eb17744aa74d5247fa572b7677 /CHANGES.md
parent	e81c81c9af8a5d22658110d2dc753582eb87a58e (diff)