diff options
author | Jeff Forcier <jeff@bitprophet.org> | 2017-06-06 13:26:13 -0700 |
---|---|---|
committer | Jeff Forcier <jeff@bitprophet.org> | 2017-06-06 13:27:21 -0700 |
commit | d6e57d34bafb65c6ce62a022d1b509f35cf82d49 (patch) | |
tree | 5afc870e7c12f8d14762bc33dfdfe9588b94f408 /sites/www/changelog.rst | |
parent | 9db59ac05e03ede7ba5d5059b7e00effca275430 (diff) |
Partially apply #983 for 2.0+
Diffstat (limited to 'sites/www/changelog.rst')
-rw-r--r-- | sites/www/changelog.rst | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index ec1c09cb..9aead611 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,9 @@ Changelog ========= +* :bug:`983` Move ``sha1`` above the now-arguably-broken ``md5`` in the list of + preferred MAC algorithms, as an incremental security improvement for users + whose target systems offer both. Credit: Pierce Lopez. * :bug:`667` The RC4/arcfour family of ciphers has been broken since version 2.0; but since the algorithm is now known to be completely insecure, we are opting to remove support outright instead of fixing it. Thanks to Alex Gaynor |