From 4cc0353aed5452e73725f7e93971ec37e3d12036 Mon Sep 17 00:00:00 2001 From: Balazs Scheidler Date: Mon, 3 Jun 2024 16:54:46 +0200 Subject: [PATCH] news: added news file Signed-off-by: Balazs Scheidler --- news/feature-137.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 news/feature-137.md diff --git a/news/feature-137.md b/news/feature-137.md new file mode 100644 index 0000000000..14f95a0455 --- /dev/null +++ b/news/feature-137.md @@ -0,0 +1,13 @@ +Add `fingerprint-alg()` option to `tls()` blocks: SSL peers can be validated +using the `trusted-keys()` option that takes a list of trusted public key +fingerprints. This was using the `sha1` algorithm, which is not considered +safe anymore. This option can be used to customize the message digest +algorithm and accepts any known algorithms supported by OpenSSL. As of +OpenSSL 3.0.10, the followings are supported (OpenSSL 3.0.10): + +Message Digest commands (see the `dgst' command for more details) +blake2b512 blake2s256 md4 md5 +rmd160 sha1 sha224 sha256 +sha3-224 sha3-256 sha3-384 sha3-512 +sha384 sha512 sha512-224 sha512-256 +shake128 shake256 sm3
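Review bot: the digest list at the end of news/feature-137.md presents md4, md5 and sha1 as accepted values on equal footing with the rest, directly after the entry says sha1 "is not considered safe anymore", and the text never states what the default is after this change or which value an administrator should choose. Suggest saying whether `fingerprint-alg()` still defaults to sha1 for compatibility with existing `trusted-keys()` lists, recommending sha256 or stronger explicitly, and marking the legacy digests as accepted only for compatibility. Two smaller points in the same added paragraph: "As of OpenSSL 3.0.10, the followings are supported (OpenSSL 3.0.10):" names the version twice and should read "the following are supported"; and the pasted `openssl` help output, including the "Message Digest commands (see the `dgst' command for more details)" line with its mismatched quote, will reflow as ordinary text when the news file is rendered as Markdown, so it should go in a code block or be converted to a list.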