From 57d85d9bee20edb6c3070504f23b6a2be2802654 Mon Sep 17 00:00:00 2001
From: "Wladimir J. van der Laan" <laanwj@gmail.com>
Date: Fri, 28 Aug 2015 12:20:01 +0200
Subject: doc: mention SSL support dropped for RPC in release notes

---
 doc/release-notes.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'doc')

diff --git a/doc/release-notes.md b/doc/release-notes.md
index 9caac4f7ae..2fc601d435 100644
--- a/doc/release-notes.md
+++ b/doc/release-notes.md
@@ -4,6 +4,29 @@ release-notes at release time)
 Notable changes
 ===============
 
+SSL support for RPC dropped
+----------------------------
+
+SSL support for RPC, previously enabled by the option `rpcssl` has been dropped
+from both the client and the server. This was done in preparation for removing
+the dependency on OpenSSL for the daemon completely.
+
+Trying to use `rpcssl` will result in an error:
+
+    Error: SSL mode for RPC (-rpcssl) is no longer supported.
+
+If you are one of the few people that relies on this feature, a flexible
+migration path is to use `stunnel`. This is an utility that can tunnel
+arbitrary TCP connections inside SSL. On e.g. Ubuntu it can be installed with:
+
+    sudo apt-get install stunnel4
+
+Then, to tunnel a SSL connection on 28332 to a RPC server bound on localhost on port 18332 do:
+
+    stunnel -d 28332 -r 127.0.0.1:18332 -p stunnel.pem -P ''
+
+It can also be set up system-wide in inetd style.
+
 Random-cookie RPC authentication
 ---------------------------------
 
-- 
cgit v1.2.3