From 3c87345db13dd71470bf5b7837c1fa289a505a76 Mon Sep 17 00:00:00 2001 From: Rajeev Ranjan Date: Thu, 7 Dec 2023 09:24:53 +0100 Subject: [PATCH] openssl-ciphers.pod.in: add Integrity only cipher suites. CHANGES.md: add integrity-only cipher suites --- CHANGES.md | 4 ++++ doc/man1/openssl-ciphers.pod.in | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/CHANGES.md b/CHANGES.md index 93365619fa8f8f..d8181aba157127 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -40,6 +40,10 @@ OpenSSL 3.3 *Richard Levitte* + * Added support for integrity-only cipher suites for TLS v1.3. + + *Rajeev Ranjan, Siemens AG* + * The BLAKE2s hash algorithm matches BLAKE2b's support for configurable output length. diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in index d4df30686f8d49..1cfbad78331d40 100644 --- a/doc/man1/openssl-ciphers.pod.in +++ b/doc/man1/openssl-ciphers.pod.in @@ -735,6 +735,11 @@ Note: the CBC modes mentioned in this RFC are not supported. TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 +=head2 Integrity-Only cipher suites from RFC9150, extending TLS v1.3 + + TLS_SHA256_SHA256 TLS_SHA256_SHA256 + TLS_SHA384_SHA384 TLS_SHA384_SHA384 + =head2 Older names used by OpenSSL The following names are accepted by older releases: @@ -796,6 +801,8 @@ The B<-stdname> is only available if OpenSSL is built with tracing enabled The B<-convert> option was added in OpenSSL 1.1.1. +The support for integrity-only cipher suites for TLS v1.3 was added in OpenSSL 3.3. + =head1 COPYRIGHT Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.