diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-02-07 10:59:19 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-02-07 10:59:19 +0100 |
commit | fa72f202b690bfb57bd7663bfe62080e0ec8e758 (patch) | |
tree | f3cf58c8bb9083359379b44564808ba19e668284 | |
parent | 8dbb79875c5d2b5d95286675eb369d9daf2b10a9 (diff) | |
download | gnutls-fa72f202b690bfb57bd7663bfe62080e0ec8e758.tar.gz |
updated priorities. Removed ARCFOUR from the secure ciphersuites and
moved GCM to bottom of the ciphers in performance.
-rw-r--r-- | lib/gnutls_priority.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 5884a0f3a8..2600a4749f 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -262,7 +262,6 @@ static const int kx_priority_secure[] = { }; static const int cipher_priority_performance[] = { - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_CIPHER_ARCFOUR_128, #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_128_CBC, @@ -273,7 +272,9 @@ static const int cipher_priority_performance[] = { #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_256_CBC, #endif - /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */ +#ifdef NETTLE_GCM + GNUTLS_CIPHER_AES_128_GCM, +#endif 0 }; @@ -282,14 +283,15 @@ static const int cipher_priority_normal[] = { #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_128_CBC, #endif - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_CIPHER_AES_256_CBC, #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_256_CBC, #endif +#ifdef NETTLE_GCM + GNUTLS_CIPHER_AES_128_GCM, +#endif GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, - /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */ 0 }; @@ -298,10 +300,10 @@ static const int cipher_priority_secure128[] = { #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_128_CBC, #endif +#ifdef NETTLE_GCM GNUTLS_CIPHER_AES_128_GCM, +#endif GNUTLS_CIPHER_3DES_CBC, - GNUTLS_CIPHER_ARCFOUR_128, - /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */ 0 }; @@ -315,10 +317,10 @@ static const int cipher_priority_secure256[] = { #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_128_CBC, #endif +#ifdef NETTLE_GCM GNUTLS_CIPHER_AES_128_GCM, +#endif GNUTLS_CIPHER_3DES_CBC, - GNUTLS_CIPHER_ARCFOUR_128, - /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */ 0 }; |