Initial TLS v1.2 client support. Include a default supported signature

algorithms extension (including everything we support). Swicth to new signature format where needed and relax ECC restrictions. Not TLS v1.2 client certifcate support yet but client will handle case where a certificate is requested and we don't have one.
author: Dr. Stephen Henson <steve@openssl.org> 2011-05-09 15:44:01 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-05-09 15:44:01 +0000
commit: a2f9200fba20ae7c25531c2f2ce6f80610f257e2 (patch)
tree: 4fd0e58601a0e3027e9d8fca221e83caf2bbc513 /CHANGES
parent: 0b59755f434eca1ed621974ae9f95663dcdcac35 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index a955b3fd98..1ee3a478d3 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Initial TLS v1.2 client support. Add a default signature algorithms
+     extension including all the algorithms we support. Parse new signature
+     format in client key exchange. Relax some ECC signing restrictions for
+     TLS v1.2 as indicated in RFC5246.
+     [Steve Henson]
+
   *) Add server support for TLS v1.2 signature algorithms extension. Switch
      to new signature format when needed using client digest preference.
      All server ciphersuites should now work correctly in TLS v1.2. No client
author	Dr. Stephen Henson <steve@openssl.org>	2011-05-09 15:44:01 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-05-09 15:44:01 +0000
commit	a2f9200fba20ae7c25531c2f2ce6f80610f257e2 (patch)
tree	4fd0e58601a0e3027e9d8fca221e83caf2bbc513 /CHANGES
parent	0b59755f434eca1ed621974ae9f95663dcdcac35 (diff)