bcff020c36
- The default sigalg list now puts ML-DSA-65 first, then ML-DSA-87 and then ML-DSA-44. (87 vs. 44 Subject to bikeshedding). - The mintls and maxtls versions are now taken into account for both built-in and provided algorithms. - Some algorithms have a separate TLSv1.2-specific name for future reporting via openssl-list(1). - ML-DSA aside, any new provided algorithms go at the end of the default list (backwards-compatible inclusion). - The built-in algorithms now also have min/max DTLS versions. Though the provider TLS-SIGALG capability was extended to also report the DTLS version range, the minimum supported DTLS is 1.3, which we don't yet have, so it is not yet possible to add DTLS sigalgs via a provider - The TLS 1.3 brainpool sigalgs got their correct IANA names, with the legacy names as purported TLS 1.2 alternatives, but since these are for TLS 1.3 and up those names are for matching only, the reported value will still be the 1.3 name. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26975) |
||
|---|---|---|
| .. | ||
| ISSUE_TEMPLATE | ||
| workflows | ||
| dependabot.yml | ||
| FUNDING.yml | ||
| ISSUE_TEMPLATE.md | ||
| PULL_REQUEST_TEMPLATE.md | ||