From 1cc6115863c976c2441f793fc3e4c294ccacce48 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Wed, 8 Mar 2017 11:48:28 +0100
Subject: priority: do not enable HMAC-MD5 by default

While HMAC-MD5 is not yet broken, it is not used by any non-broken
or non-NULL ciphersuites (is only used with NULL and RC4), and as there
is not plan to introduce new ciphersuites with that MAC algorithm, there
is no point to include it in the default set of allowed algorithms.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
---
 lib/priority.c | 1 -
 1 file changed, 1 deletion(-)

diff --git a/lib/priority.c b/lib/priority.c
index 04aba86943..ade96c730c 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -414,7 +414,6 @@ static const int mac_priority_normal_default[] = {
 	GNUTLS_MAC_SHA256,
 	GNUTLS_MAC_SHA384,
 	GNUTLS_MAC_AEAD,
-	GNUTLS_MAC_MD5,
 	0
 };
 
-- 
cgit v1.2.1