summaryrefslogtreecommitdiff
path: root/doc/cha-gtls-app.texi
diff options
context:
space:
mode:
authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-10-15 15:21:27 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2014-10-16 09:52:30 +0200
commitee83078f806d5ca6eccdbfd84371179589a37570 (patch)
tree17ec92a81a18920ed46b1928bf6dd87a5f41c026 /doc/cha-gtls-app.texi
parent2e966a134b6d072dbcfe06daa8cc79ecd91b7602 (diff)
downloadgnutls-ee83078f806d5ca6eccdbfd84371179589a37570.tar.gz
updated documentation for SSL 3.0 removal
Diffstat (limited to 'doc/cha-gtls-app.texi')
-rw-r--r--doc/cha-gtls-app.texi12
1 files changed, 6 insertions, 6 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 4cdbd54d7c..805c0b51c5 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -988,7 +988,7 @@ algorithms to be enabled.
@end float
Unless the initial keyword is "NONE" the defaults (in preference
-order) are for TLS protocols TLS 1.2, TLS1.1, TLS1.0, SSL3.0; for
+order) are for TLS protocols TLS 1.2, TLS1.1, TLS1.0; for
compression NULL; for certificate types X.509.
In key exchange algorithms when in NORMAL or SECURE levels the
perfect forward secrecy algorithms take precedence of the other
@@ -1050,8 +1050,8 @@ GCM ciphers only). All algorithms from NORMAL priority can be accessed with MAC-
COMP-NULL, COMP-DEFLATE. Catch all is COMP-ALL.
@item TLS versions @tab
-VERS-SSL3.0, VERS-TLS1.0, VERS-TLS1.1,
-VERS-TLS1.2, VERS-DTLS1.2, VERS-DTLS1.0.
+VERS-TLS1.0, VERS-TLS1.1, VERS-TLS1.2,
+VERS-DTLS1.0, VERS-DTLS1.2.
Catch all is VERS-TLS-ALL and VERS-DTLS-ALL.
@item Signature algorithms @tab
@@ -1195,8 +1195,8 @@ Specifying RSA with AES-128-CBC:
Specifying the defaults except ARCFOUR-128:
"NORMAL:-ARCFOUR-128"
-Enabling the 128-bit secure ciphers, while disabling SSL 3.0 and enabling compression:
- "SECURE128:-VERS-SSL3.0:+COMP-DEFLATE"
+Enabling the 128-bit secure ciphers, while disabling TLS 1.0 and enabling compression:
+ "SECURE128:-VERS-TLS1.0:+COMP-DEFLATE"
Enabling the 128-bit and 192-bit secure ciphers, while disabling all TLS versions
except TLS 1.2:
@@ -1587,7 +1587,7 @@ options that are known to cause compatibility problems, is shown below.
NORMAL:%COMPAT
@end verbatim
-For broken peers that do not tolerate TLS version numbers over TLS 1.0
+For very old broken peers that do not tolerate TLS version numbers over TLS 1.0
another priority string is:
@verbatim
NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT