AES cipher suites are now official (RFC3268)
diff --git a/CHANGES b/CHANGES
index 19d5c34..c618719 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
Changes between 0.9.7 and 0.9.8 [xx XXX 2002]
+ *) Change default behaviour of 'openssl asn1parse' so that more
+ information is visible when viewing, e.g., a certificate:
+
+ Modify asn1_parse2 (crypto/asn1/asn1_par.c) so that in non-'dump'
+ mode the content of non-printable OCTET STRINGs is output in a
+ style similar to INTEGERs, but with '[HEX DUMP]' prepended to
+ avoid the appearance of a printable string.
+ [Nils Larsch <nla@trustcenter.de>]
+
*) Add 'asn1_flag' and 'asn1_form' member to EC_GROUP with access
functions
EC_GROUP_set_asn1_flag()
@@ -1143,14 +1152,15 @@
handle the new API. Currently only ECB, CBC modes supported. Add new
AES OIDs.
- Add TLS AES ciphersuites as described in the "AES Ciphersuites
- for TLS" draft-ietf-tls-ciphersuite-06.txt. As these are not yet
- official, they are not enabled by default and are not even part
- of the "ALL" ciphersuite alias; for now, they must be explicitly
- requested by specifying the new "AESdraft" ciphersuite alias. If
- you want the default ciphersuite list plus the new ciphersuites,
- use "DEFAULT:AESdraft:@STRENGTH".
- [Ben Laurie, Steve Henson, Bodo Moeller]
+ Add TLS AES ciphersuites as described in RFC3268, "Advanced
+ Encryption Standard (AES) Ciphersuites for Transport Layer
+ Security (TLS)". (In beta versions of OpenSSL 0.9.7, these were
+ not enabled by default and were not part of the "ALL" ciphersuite
+ alias because they were not yet official; they could be
+ explicitly requested by specifying the "AESdraft" ciphersuite
+ group alias. In the final release of OpenSSL 0.9.7, the group
+ alias is called "AES" and is part of "ALL".)
+ [Ben Laurie, Steve Henson, Bodo Moeller]
*) New function OCSP_copy_nonce() to copy nonce value (if present) from
request to response.
