OpenSSL: Adjust ciphersuite order and update documentation
This commit is contained in:
parent
98c4aaeaff
commit
42e6fbaa8c
1 changed files with 30 additions and 3 deletions
|
@ -90,11 +90,38 @@
|
|||
|
||||
|
||||
/*
|
||||
* Default supported ciphersuites (if the user does not provide any) and curves (OpenSSL 1.0.2+)
|
||||
* Hardcoded secp384r1 (P-384) is used on OpenSSL 1.0.0 and 1.0.1 (if available).
|
||||
* Default supported ciphersuites (if the user does not provide any) and
|
||||
* curves (OpenSSL 1.0.2+). Hardcoded secp384r1 (NIST P-384) is used on
|
||||
* OpenSSL 1.0.0 and 1.0.1 (if available).
|
||||
*
|
||||
* We prefer AEAD ciphersuites first in order of strength, then SHA2
|
||||
* ciphersuites, then remaining suites.
|
||||
*/
|
||||
|
||||
static const char rb_default_ciphers[] = "kEECDH+HIGH:kEDH+HIGH:HIGH:!aNULL";
|
||||
static const char rb_default_ciphers[] = ""
|
||||
"aECDSA+kEECDH+CHACHA20:"
|
||||
"aRSA+kEECDH+CHACHA20:"
|
||||
"aRSA+kEDH+CHACHA20:"
|
||||
"aECDSA+kEECDH+AESGCM:"
|
||||
"aRSA+kEECDH+AESGCM:"
|
||||
"aRSA+kEDH+AESGCM:"
|
||||
"aECDSA+kEECDH+AESCCM:"
|
||||
"aRSA+kEECDH+AESCCM:"
|
||||
"aRSA+kEDH+AESCCM:"
|
||||
"@STRENGTH:"
|
||||
"aECDSA+kEECDH+HIGH+SHA384:"
|
||||
"aRSA+kEECDH+HIGH+SHA384:"
|
||||
"aRSA+kEDH+HIGH+SHA384:"
|
||||
"aECDSA+kEECDH+HIGH+SHA256:"
|
||||
"aRSA+kEECDH+HIGH+SHA256:"
|
||||
"aRSA+kEDH+HIGH+SHA256:"
|
||||
"aECDSA+kEECDH+HIGH:"
|
||||
"aRSA+kEECDH+HIGH:"
|
||||
"aRSA+kEDH+HIGH:"
|
||||
"HIGH:"
|
||||
"!3DES:"
|
||||
"!aNULL";
|
||||
|
||||
#ifdef LRB_HAVE_TLS_SET_CURVES
|
||||
static const char rb_default_curves[] = "P-521:P-384:P-256";
|
||||
#endif
|
||||
|
|
Loading…
Reference in a new issue