Fix CVE-2017-6891 in minitasn1 code

[platform/upstream/gnutls.git] / doc / cha-intro-tls.texi

diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 6075020..319d68b 100644 (file)
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -138,15 +138,6 @@ This is an 128-bit block cipher developed by Mitsubishi and NTT. It
 is one of the approved ciphers of the European NESSIE and Japanese
 CRYPTREC projects.
 
-@item SALSA20_@-256 @tab
-SALSA20_256 is a fast stream cipher. This is currently a GnuTLS
-extension.
-
-@item ESTREAM_@-SALSA20_@-256 @tab
-ESTREAM_@-SALSA20_@-256 is a faster variant of SALSA20, and is one of the 
-selected ciphers of the ESTREAM competition. This is currently a GnuTLS
-extension.
-
 @end multitable
 @caption{Supported ciphers.}
 @end float
@@ -166,10 +157,6 @@ designed by NSA. Outputs 160 bits of data.
 @item MAC_@-SHA256 @tab
 An HMAC based on SHA256. Outputs 256 bits of data.
 
-@item MAC_@-UMAC @tab
-This is a very fast MAC algorithm based on universal hashing, described in
-@xcite{RFC4418}. This is currently a GnuTLS extension.
-
 @item MAC_@-AEAD @tab
 This indicates that an authenticated encryption algorithm, such as
 GCM, is in use.
@@ -450,6 +437,12 @@ to the client. Because session parameters are sensitive they are encrypted
 and authenticated with a key only known to the server and then sent to the
 client. The Session Tickets extension is described in RFC 5077 @xcite{TLSTKT}.
 
+A disadvantage of session tickets is that they eliminate the effects of
+forward secrecy when a server uses the same key for long time. That is,
+the secrecy of all sessions on a server using tickets depends on the ticket
+key being kept secret. For that reason server keys should be rotated and discarded
+regularly.
+
 Since version 3.1.3 GnuTLS clients transparently support session tickets.
 
 @node HeartBeat