Correct NEWS entry about required security level for old versions of TLS, DTLS and SSL

The entry was incorrect because suites using RSA key exchange without SHA1 were permitted at security level 1. Partial fix for #18194 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/18234)
author: Pauli <pauli@openssl.org> 2022-05-04 11:26:02 +1000
committer: Pauli <pauli@openssl.org> 2022-05-06 10:43:40 +1000
commit: 3226a37a4875567f2bf49aa44a727bcb67bb7dcd (patch)
tree: 07a0cc0fafd58d2ed7c0dfac98338e65164c487a /NEWS.md
parent: 37a6e9efe013f9e6a840e38beb81e44b9fee3629 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/NEWS.md b/NEWS.md
index dcd97d993b..7ced6898cc 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -115,7 +115,8 @@ OpenSSL 3.0
     RC4, RC5 and SEED cipher functions have been deprecated.
   * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions
     have been deprecated.
-  * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
+  * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0,
+    except when RSA key exchange without SHA1 is used.
   * Added providers, a new pluggability concept that will replace the
     ENGINE API and ENGINE implementations.
author	Pauli <pauli@openssl.org>	2022-05-04 11:26:02 +1000
committer	Pauli <pauli@openssl.org>	2022-05-06 10:43:40 +1000
commit	3226a37a4875567f2bf49aa44a727bcb67bb7dcd (patch)
tree	07a0cc0fafd58d2ed7c0dfac98338e65164c487a /NEWS.md
parent	37a6e9efe013f9e6a840e38beb81e44b9fee3629 (diff)