Correct NEWS entry about required security level for old versions of TLS, DTLS and SSL The entry was incorrect because suites using RSA key exchange without SHA1 were permitted at security level 1. Partial fix for #18194 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/18234) (cherry picked from commit 3226a37a4875567f2bf49aa44a727bcb67bb7dcd)

commit: 50d1d92de9a4cf62723a3c1ea2f39501feea7d6e [log] [tgz]
author: Pauli <pauli@openssl.org> Wed May 04 11:26:02 2022 +1000
committer: Pauli <pauli@openssl.org> Fri May 06 10:44:13 2022 +1000
tree: f1ad4faa330dbf23b4a009bfb34621baf81f9484
parent: 16ff70a58cfb5c40197e6a940cf4666226f31b79 [diff]
diff --git a/NEWS.md b/NEWS.md
index 630c57a..6f741ee 100644
--- a/NEWS.md
+++ b/NEWS.md

@@ -122,7 +122,8 @@
     RC4, RC5 and SEED cipher functions have been deprecated.
   * All of the low-level DH, DSA, ECDH, ECDSA and RSA public key functions
     have been deprecated.
-  * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0.
+  * SSL 3, TLS 1.0, TLS 1.1, and DTLS 1.0 only work at security level 0,
+    except when RSA key exchange without SHA1 is used.
   * Added providers, a new pluggability concept that will replace the
     ENGINE API and ENGINE implementations.
commit	50d1d92de9a4cf62723a3c1ea2f39501feea7d6e	[log] [tgz]
author	Pauli <pauli@openssl.org>	Wed May 04 11:26:02 2022 +1000
committer	Pauli <pauli@openssl.org>	Fri May 06 10:44:13 2022 +1000
tree	f1ad4faa330dbf23b4a009bfb34621baf81f9484
parent	16ff70a58cfb5c40197e6a940cf4666226f31b79 [diff]