diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-06-06 09:25:20 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-06-12 09:31:03 +0200 |
| commit | 62248b6adf0c11d469b04b4bf58aa97deff5a813 (patch) | |
| tree | 0c17eae21180e9525b8a38facd6c73ae4ffdd38d /lib/priority.c | |
| parent | 70ebf53b9e19596660b27c3522e8596a31fab4b7 (diff) | |
| download | gnutls-62248b6adf0c11d469b04b4bf58aa97deff5a813.tar.gz | |
priorities: hmac-sha256 ciphersuites were removed from defaults
These ciphersuites are deprecated since the introduction of AEAD
ciphersuites, and are only necessary for compatibility with older
servers. Since older servers already support hmac-sha1 there is
no reason to keep these ciphersuites enabled by default, as they
increase our attack surface.
Relates #456
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'lib/priority.c')
| -rw-r--r-- | lib/priority.c | 4 |
1 files changed, 0 insertions, 4 deletions
diff --git a/lib/priority.c b/lib/priority.c index 0dc39f362c..1ebd6b4695 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -455,14 +455,12 @@ static const int* sign_priority_secure192 = _sign_priority_secure192; static const int mac_priority_normal_default[] = { GNUTLS_MAC_SHA1, - GNUTLS_MAC_SHA256, GNUTLS_MAC_AEAD, 0 }; static const int mac_priority_normal_fips[] = { GNUTLS_MAC_SHA1, - GNUTLS_MAC_SHA256, GNUTLS_MAC_AEAD, 0 }; @@ -496,14 +494,12 @@ static const int* mac_priority_suiteb = _mac_priority_suiteb; static const int _mac_priority_secure128[] = { GNUTLS_MAC_SHA1, - GNUTLS_MAC_SHA256, GNUTLS_MAC_AEAD, 0 }; static const int* mac_priority_secure128 = _mac_priority_secure128; static const int _mac_priority_secure192[] = { - GNUTLS_MAC_SHA256, GNUTLS_MAC_AEAD, 0 }; |