Diffstat (limited to 'crypto/Readme.html')
-rw-r--r-- crypto/Readme.html 10
1 files changed, 10 insertions, 0 deletions
diff --git a/crypto/Readme.html b/crypto/Readme.html
index 9f4705f00..153897914 100644
--- a/crypto/Readme.html
+++ b/crypto/Readme.html
@@ -296,6 +296,16 @@ We state, where EC MQV has not otherwise been disabled or removed:
 
         <h4><a class="mozTocH4" name="mozTocId85317"></a>Release 1.8.3, TBD</h4>
 
+        <h5>IMPORTANT</h5>
+        <ul>
+            <li>
+                In this release, the TLS library has moved to a whitelisting approach for client-side validation of server-presented
+                Diffie-Hellman (DH) parameters. In the default configuration, if a ciphersuite using ephemeral DH is selected by the
+                server, the client will abort the handshake if the proposed DH group is not one of those specified in RFC 3526 or RFC 7919,
+                or if the DH prime is < 2048 bits. The client therefore no longer offers DH ciphersuites by default.
+            </li>
+        </ul>
+
         <h5>Additional Features and Functionality</h5>
         <ul>
             <li>Further work has been done on improving SHA-3 performance.</li>
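Review bot: In the new IMPORTANT list item, the bare "<" in "DH prime is < 2048 bits" should be escaped as "&lt;", since this is HTML source and an unescaped "<" followed by text is fragile markup. The closing sentence, "The client therefore no longer offers DH ciphersuites by default", also does not follow from the abort behaviour described before it: the missing step (presumably that many servers still present groups outside RFC 3526 and RFC 7919, so offering ephemeral DH would end in aborted handshakes) should be stated explicitly. Because the text says "In the default configuration", it should also say how an application re-enables DH ciphersuites or changes the set of accepted groups, or point to where that is documented, so that users who depend on DHE know what to change after upgrading.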