Make truncated hmac a runtime option server-side Reading the documentation of ssl_set_truncated_hmac() may give the impression I changed the default for clients but I didn't, the old documentation was wrong.

commit: e117a8fc0dcdd9c2528856876748cfa8b06e4fd7 [log] [tgz]
author: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Jan 09 12:39:35 2015 +0100
committer: Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Jan 09 12:52:20 2015 +0100
tree: 01c4874b0edb46056886b882c511f256a0943d2b
parent: 8e4b3374d744d83c7a881408a602e5abb85f6464 [diff] [blame]
diff --git a/ChangeLog b/ChangeLog
index 89c87e0..5643688 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -9,6 +9,10 @@
    * Add support for Extended Master Secret (draft-ietf-tls-session-hash)
    * Add support for Encrypt-then-MAC (RFC 7366)
 
+Changes
+   * It is now possible to disable neogtiation of truncated HMAC server-side
+     at runtime with ssl_set_truncated_hmac().
+
 = PolarSSL 1.3.9 released 2014-10-20
 Security
    * Lowest common hash was selected from signature_algorithms extension in
commit	e117a8fc0dcdd9c2528856876748cfa8b06e4fd7	[log] [tgz]
author	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Jan 09 12:39:35 2015 +0100
committer	Manuel Pégourié-Gonnard <mpg@elzevir.fr>	Fri Jan 09 12:52:20 2015 +0100
tree	01c4874b0edb46056886b882c511f256a0943d2b
parent	8e4b3374d744d83c7a881408a602e5abb85f6464 [diff] [blame]