From 102c694ca8ae46d384d3a9c4e2e963836d6f1509 Mon Sep 17 00:00:00 2001 From: Jeff Forcier Date: Tue, 6 Jun 2017 13:26:13 -0700 Subject: Partially apply #983 for 2.0+ --- sites/www/changelog.rst | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'sites/www') diff --git a/sites/www/changelog.rst b/sites/www/changelog.rst index ec1c09cb..353e2818 100644 --- a/sites/www/changelog.rst +++ b/sites/www/changelog.rst @@ -2,6 +2,10 @@ Changelog ========= +* :bug:`-` (partial application of :issue:`983`) Move ``sha1`` above the + now-arguably-broken ``md5`` in the list of preferred MAC algorithms, as an + incremental security improvement for users whose target systems offer both. + Credit: Pierce Lopez. * :bug:`667` The RC4/arcfour family of ciphers has been broken since version 2.0; but since the algorithm is now known to be completely insecure, we are opting to remove support outright instead of fixing it. Thanks to Alex Gaynor -- cgit v1.2.3