author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2018-06-06 09:25:20 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-06-12 09:31:03 +0200 |
commit | 62248b6adf0c11d469b04b4bf58aa97deff5a813 (patch) | |
tree | 0c17eae21180e9525b8a38facd6c73ae4ffdd38d /tests/suite/tls-fuzzer | |
parent | 70ebf53b9e19596660b27c3522e8596a31fab4b7 (diff) | |
download | gnutls-62248b6adf0c11d469b04b4bf58aa97deff5a813.tar.gz |

priorities: hmac-sha256 ciphersuites were removed from defaults

These ciphersuites are deprecated since the introduction of AEAD
ciphersuites, and are only necessary for compatibility with older
servers. Since older servers already support hmac-sha1 there is
no reason to keep these ciphersuites enabled by default, as they
increase our attack surface.
Relates #456
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
Diffstat (limited to 'tests/suite/tls-fuzzer')
-rwxr-xr-x | tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh index 62d75344f7..b4b7c10883 100755 --- a/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh +++ b/tests/suite/tls-fuzzer/tls-fuzzer-nocert.sh @@ -49,10 +49,10 @@ wait_for_free_port $PORT retval=0 -PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:+VERS-SSL3.0" +PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:-CURVE-SECP192R1:+VERS-SSL3.0:+SHA256" ${CLI} --list --priority "${PRIORITY}" >/dev/null 2>&1 if test $? != 0;then - PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+VERS-SSL3.0" + PRIORITY="NORMAL:%VERIFY_ALLOW_SIGN_WITH_SHA1:+ARCFOUR-128:+3DES-CBC:+DHE-DSS:+SIGN-DSA-SHA256:+SIGN-DSA-SHA1:+VERS-SSL3.0:+SHA256" fi TLS_PY=./tlslite-ng/scripts/tls.py |
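
Review bot: The ":+SHA256" suffix has to be appended twice, once to the primary PRIORITY assignment and once to the fallback inside the `if test $? != 0` branch, because the two strings are maintained by hand and differ only in "-CURVE-SECP192R1". Consider defining the shared part once in a base variable and adding the curve exclusion only in the first assignment, so the next change to the defaults touches a single line and the two variants cannot drift apart. A one-line comment beside the assignment stating that +SHA256 is re-enabled here because the hmac-sha256 ciphersuites are no longer part of NORMAL would tell a later reader why the test needs it. Within the lines shown, the fallback string is also not re-checked with `${CLI} --list --priority` after it is assigned, so a priority string rejected in both forms would only surface later in the test run.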