Rework the default cipherlist.
author Emilia Kasper <emilia@openssl.org>
Thu, 3 Mar 2016 18:50:03 +0000 (19:50 +0100)
committer Emilia Kasper <emilia@openssl.org>
Mon, 7 Mar 2016 15:53:42 +0000 (16:53 +0100)
commit a556f342201473b4bf8dbf879b03890a74e412b6
tree 76527cf039cfd054c6a2c9f4a0008f4feaa7c403
parent 3ed1839dc3ad285ca83609007a18911d3c7bfdbe
Rework the default cipherlist.

 - Always prefer forward-secure handshakes.
 - Consistently order ECDSA above RSA.
 - Next, always prefer AEADs to non-AEADs, irrespective of strength.
 - Within AEADs, prefer GCM > CHACHA > CCM for a given strength.
 - Prefer TLS v1.2 ciphers to legacy ciphers.
 - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default
   list to reduce ClientHello bloat.

Reviewed-by: Rich Salz <rsalz@openssl.org>
CHANGES
ssl/s3_lib.c
ssl/ssl_ciph.c
ssl/ssl_locl.h
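The ordering rules in the commit message, modelled as a sort over OpenSSL-style cipher suite names. This is an added example, not OpenSSL's code: the real default list is built in ssl/s3_lib.c from per-suite flags, whereas this script only reads the preferences off the suite names. The candidate list is constructed, and two points are assumptions of mine rather than statements of the commit message: key strength (256 before 128, with CHACHA20 counted as 256-bit) is used as the tie-break that the "for a given strength" wording implies, and for non-AEAD suites the TLS 1.2 preference is applied before strength.

```python
"""Model the cipherlist preferences stated in the commit message.

Rules, in order of precedence:
  1. forward-secure key exchange (ECDHE/DHE) first
  2. ECDSA authentication above RSA
  3. AEAD suites above non-AEAD suites, irrespective of strength
  4. among AEADs of the same strength: GCM > CHACHA > CCM
  5. TLS 1.2 suites above legacy (SHA-1/MD5 MAC) suites
  6. DSS, IDEA, SEED, CAMELLIA and CCM dropped from the default list
Assumed tie-break (not in the message): higher key size first.
"""
import re

# Algorithm tags the commit message removes from the default list.
REMOVED_TAGS = ("DSS", "IDEA", "SEED", "CAMELLIA", "CCM")

# Constructed sample input; names follow OpenSSL's cipher-name conventions.
CANDIDATES = [
    "AES128-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-DSS-AES128-SHA",
    "ECDHE-ECDSA-AES128-SHA",
    "ECDHE-ECDSA-CHACHA20-POLY1305",
    "CAMELLIA128-SHA",
    "ECDHE-ECDSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-SHA256",
    "ECDHE-ECDSA-AES128-CCM",
    "AES256-GCM-SHA384",
    "ECDHE-ECDSA-AES256-GCM-SHA384",
]


def is_forward_secure(name):
    """Ephemeral (EC)DH key exchange gives forward secrecy."""
    return name.startswith(("ECDHE-", "DHE-"))


def aead_rank(name):
    """0 = GCM, 1 = CHACHA20-POLY1305, 2 = CCM/CCM8, None = not an AEAD."""
    if "-GCM-" in name:
        return 0
    if "CHACHA20" in name:
        return 1
    if re.search(r"-CCM8?$", name):
        return 2
    return None


def key_bits(name):
    """Symmetric key size read from the cipher part of the name (assumed
    tie-break).  Matching the cipher token avoids confusing AES128-SHA256's
    '256' (the MAC) with a key size."""
    m = re.search(r"(?:AES|CAMELLIA|ARIA)(\d{3})", name)
    if m:
        return int(m.group(1))
    if "CHACHA20" in name:
        return 256
    if "DES-CBC3" in name:
        return 112
    return 0


def is_tls12(name):
    """TLS 1.2-only suites: every AEAD, plus CBC suites with a SHA-2 MAC."""
    return aead_rank(name) is not None or re.search(r"-SHA(256|384)$", name) is not None


def rank_key(name):
    """Sort key; smaller sorts earlier.  Field order is the rule precedence."""
    aead = aead_rank(name)
    return (
        not is_forward_secure(name),   # rule 1
        "ECDSA" not in name,           # rule 2
        aead is None,                  # rule 3
        not is_tls12(name),            # rule 5 (no-op among AEADs)
        -key_bits(name),               # assumed strength tie-break
        aead if aead is not None else 0,  # rule 4
        name,                          # deterministic final tie-break
    )


def is_removed(name):
    """Rule 6: suites dropped from the default list to trim the ClientHello."""
    return any(tag in name for tag in REMOVED_TAGS)


def order_ciphers(names, prune=True):
    """Return the names in preference order; prune=False keeps removed suites
    so their relative rank (e.g. CCM below GCM) can still be inspected."""
    kept = [n for n in names if not (prune and is_removed(n))]
    return sorted(kept, key=rank_key)


def default_cipherlist(names=CANDIDATES):
    return order_ciphers(names, prune=True)


if __name__ == "__main__":
    for n in default_cipherlist():
        print(n)
```

Running the block prints the pruned, ordered list; the removed suites (DSS, CAMELLIA, CCM) are gone, every ECDHE-ECDSA suite precedes every ECDHE-RSA one, and the non-forward-secure AES256-GCM-SHA384 lands near the bottom despite being a strong AEAD, which is exactly the "prefer forward secrecy over strength" effect of the rework.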