From 1b2a55ffa2e6acde6fb9909276936cc1c61c89b1 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 23 Oct 2020 16:44:35 +0100 Subject: Add a CHANGES.md entry for the "tmp_dh" functions/macros Describe the tmp_dh deprecations, and what applications should do instead. Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/13368) --- CHANGES.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'CHANGES.md') diff --git a/CHANGES.md b/CHANGES.md index 6e275f1d73..ca4e096ed2 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -23,6 +23,21 @@ OpenSSL 3.0 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx] + * The functions SSL_CTX_set_tmp_dh_callback and SSL_set_tmp_dh_callback, as + well as the macros SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() have been + deprecated. These are used to set the Diffie-Hellman (DH) parameters that + are to be used by servers requiring ephemeral DH keys. Instead applications + should consider using the built-in DH parameters that are available by + calling SSL_CTX_set_dh_auto() or SSL_set_dh_auto(). If custom parameters are + necessary then applications can use the alternative functions + SSL_CTX_set0_tmp_dh_pkey() and SSL_set0_tmp_dh_pkey(). There is no direct + replacement for the "callback" functions. The callback was originally useful + in order to have different parameters for export and non-export ciphersuites. + Export ciphersuites are no longer supported by OpenSSL. Use of the callback + functions should be replaced by one of the other methods described above. + + *Matt Caswell* + * The -crypt option to the passwd command line tool has been removed. *Paul Dale* -- cgit v1.2.3
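Review bot: In the first sentence of the new CHANGES.md entry, SSL_CTX_set_tmp_dh_callback and SSL_set_tmp_dh_callback are written without "()", while every other function and macro in the entry carries them (SSL_CTX_set_tmp_dh(), SSL_CTX_set_dh_auto(), SSL_CTX_set0_tmp_dh_pkey()). Adding the parentheses would keep the entry consistent. The same sentence needs a comma after "SSL_set_tmp_dh()" to close the "as well as" clause, and "Instead applications" reads better as "Instead, applications". On substance, the entry names SSL_CTX_set0_tmp_dh_pkey() and SSL_set0_tmp_dh_pkey() as the route for custom parameters but does not say how their argument differs from the deprecated macros. The "set0" and "pkey" in the names suggest a key object whose ownership passes to the library, so a short clause stating that, or a pointer to the relevant manual page, would spare people migrating from SSL_CTX_set_tmp_dh() a lookup. The entry also says applications "should consider" the built-in parameters without saying that this is the preferred option. If it is, stating so outright would steer servers away from carrying their own DH groups.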