artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b4e1c71) | patch
Split the existing TLS cipher suite groups into four:
authorjsing <jsing@openbsd.org>
Wed, 13 Jul 2016 16:30:48 +0000 (16:30 +0000)
committerjsing <jsing@openbsd.org>
Wed, 13 Jul 2016 16:30:48 +0000 (16:30 +0000)
commitc52398cf8ddc2277fd315b57e988b8716e622887
tree65be532ea4f7f1e8f2751d85b1870dba0ab581aetree | snapshot
parentb4e1c71261ee475034707c9fd945f4bfd49dc371commit | diff
Split the existing TLS cipher suite groups into four:

"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)

This allows for flexibility and finer grained control, rather than having
two extremes (an issue raised by Marko Kreen some time ago).

ok beck@ tedu@
lib/libtls/tls_config.c diff | blob | history
lib/libtls/tls_init.3 diff | blob | history
lib/libtls/tls_internal.h diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim