diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-15 08:43:28 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-07-15 09:24:36 +0200 |
| commit | ec84ab047cbb46d1acaf26cf1ab8b6f38f85a3bb (patch) | |
| tree | c637b7d591782c02dc7d21df4489aba005862fb1 /lib/priority.c | |
| parent | fe73839ed232142b174abea9e0a735ea4c0d930c (diff) | |
| download | gnutls-tmp-equalize-priorities.tar.gz | |
priorities: cipher priorities were made consistent with the 3.6.x branchtmp-equalize-priorities
Current settings in NORMAL priorities which were affected:
* Enabled ciphers:
- AES-GCM
- CHACHA20-POLY1305
- AES-CCM
- AES-CBC
Removed:
* Ciphersuites utilizing CAMELLIA were removed.
That also reduces the size of the client hello which when large
could cause issues with pick middle-boxes.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/priority.c')
| -rw-r--r-- | lib/priority.c | 18 |
1 files changed, 0 insertions, 18 deletions
diff --git a/lib/priority.c b/lib/priority.c index 7ce44c7cf4..75929eda42 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -238,12 +238,8 @@ static const int _cipher_priority_performance_default[] = { GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_CIPHER_AES_128_CCM, GNUTLS_CIPHER_AES_256_CCM, - GNUTLS_CIPHER_CAMELLIA_128_GCM, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_CIPHER_3DES_CBC, 0 }; @@ -254,12 +250,8 @@ static const int _cipher_priority_performance_no_aesni[] = { GNUTLS_CIPHER_AES_256_GCM, GNUTLS_CIPHER_AES_128_CCM, GNUTLS_CIPHER_AES_256_CCM, - GNUTLS_CIPHER_CAMELLIA_128_GCM, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, - GNUTLS_CIPHER_CAMELLIA_128_CBC, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_CIPHER_3DES_CBC, 0 }; @@ -271,19 +263,15 @@ static const int _cipher_priority_performance_no_aesni[] = { */ static const int _cipher_priority_normal_default[] = { GNUTLS_CIPHER_AES_256_GCM, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_CIPHER_AES_256_CCM, GNUTLS_CIPHER_AES_256_CBC, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_CIPHER_AES_128_GCM, - GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_CIPHER_AES_128_CCM, GNUTLS_CIPHER_AES_128_CBC, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_CIPHER_3DES_CBC, 0 @@ -330,16 +318,12 @@ static const int* cipher_priority_suiteb192 = _cipher_priority_suiteb192; static const int _cipher_priority_secure128[] = { GNUTLS_CIPHER_AES_256_GCM, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_CIPHER_AES_256_CBC, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_CIPHER_AES_256_CCM, GNUTLS_CIPHER_AES_128_GCM, - GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_CIPHER_AES_128_CBC, - GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_CIPHER_AES_128_CCM, 0 }; @@ -348,10 +332,8 @@ static const int *cipher_priority_secure128 = _cipher_priority_secure128; static const int _cipher_priority_secure192[] = { GNUTLS_CIPHER_AES_256_GCM, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_CIPHER_AES_256_CBC, - GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_CIPHER_AES_256_CCM, 0 }; |