summary refs log tree commit diff
diff options
context:
space:
mode:
authorPeter Dettman <peter.dettman@bouncycastle.org>2018-08-07 17:30:57 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2018-08-07 17:30:57 +0700
commitcc5062b8ca50bb1689fa5c65e15f25add789178a (patch)
tree55fb7be4f882b314029f19745c3d0c9bd0f26243
parentTLS: Disable DHE_* ciphersuites in default clients (diff)
downloadBouncyCastle.NET-ed25519-cc5062b8ca50bb1689fa5c65e15f25add789178a.tar.xz
Add entry explaining DH changes
-rw-r--r--crypto/Readme.html10
1 files changed, 10 insertions, 0 deletions
diff --git a/crypto/Readme.html b/crypto/Readme.html
index 9f4705f00..153897914 100644
--- a/crypto/Readme.html
+++ b/crypto/Readme.html
@@ -296,6 +296,16 @@ We state, where EC MQV has not otherwise been disabled or removed:
 
         <h4><a class="mozTocH4" name="mozTocId85317"></a>Release 1.8.3, TBD</h4>
 
+        <h5>IMPORTANT</h5>
+        <ul>
+            <li>
+                In this release, the TLS library has moved to a whitelisting approach for client-side validation of server-presented
+                Diffie-Hellman (DH) parameters. In the default configuration, if a ciphersuite using ephemeral DH is selected by the
+                server, the client will abort the handshake if the proposed DH group is not one of those specified in RFC 3526 or RFC 7919,
+                or if the DH prime is < 2048 bits. The client therefore no longer offers DH ciphersuites by default.
+            </li>
+        </ul>
+
         <h5>Additional Features and Functionality</h5>
         <ul>
             <li>Further work has been done on improving SHA-3 performance.</li>