path: root/doc/manual/tls.rst
author Jack Lloyd <[email protected]> 2016-03-17 15:32:08 -0400
committer Jack Lloyd <[email protected]> 2016-03-17 15:32:08 -0400
commit f70a9de37d22282d8cca465632efd0044ab9008c (patch)
tree e5fa59c1d4d7d235a2e1be357ef2da53545c3c99 /doc/manual/tls.rst
parent cf5c88d07b44ad7c6b8702e7afb387fd8c13c3d3 (diff)
Remove support for TLS v1.2 MD5 and SHA-224 signatures.
Remove support for weak ECC curves (anything under P-256) from TLS. This includes secp256k1 since we don't take advantage of the special form for any performance advantage; might as well use P-256. The manual still mentioned that it was possible to use MD5 in Policy::allowed_macs, but all HMAC-MD5 suites are already removed.
Diffstat (limited to 'doc/manual/tls.rst')
-rw-r--r-- doc/manual/tls.rst 11
1 files changed, 4 insertions, 7 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index c5be39aaa..3d0286e61 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -550,7 +550,7 @@ policy settings from a file.
Default: "AEAD", "SHA-384", "SHA-256", "SHA-1"
- Also allowed (although **not recommended**): "MD5"
+ A plain hash function indicates HMAC
.. cpp:function:: std::vector<std::string> allowed_key_exchange_methods() const
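Review bot: The added line "A plain hash function indicates HMAC" leaves the first default value, "AEAD", unexplained, since it is the one entry in the list that is not a hash name. Suggest saying in the same place what "AEAD" selects, and ending the sentence with a period to match the surrounding text. Since the "Also allowed" line is dropped, it would also help to state that a policy returning "MD5" here no longer matches any suite, as the commit message notes that all HMAC-MD5 suites are already removed.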
@@ -563,13 +563,12 @@ policy settings from a file.
.. cpp:function:: std::vector<std::string> allowed_signature_hashes() const
- Returns the list of algorithms we are willing to use for
+ Returns the list of hash algorithms we are willing to use for
public key signatures, in order of preference.
Default: "SHA-512", "SHA-384", "SHA-256"
- Also allowed: "SHA-224"
- Also allowed (although **not recommended**): "MD5", "SHA-1"
+ Also allowed (although **not recommended**): "SHA-1"
.. note::
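Review bot: After the "SHA-224" and "MD5" entries are dropped, the remaining "Also allowed (although **not recommended**): "SHA-1"" line does not say whether the list is now closed, whereas the curve entry later in this patch adds "No other values are currently defined." Suggest using the same closing sentence here so that a reader whose existing policy returns "MD5" or "SHA-224" can tell from the manual that those names are no longer supported for TLS v1.2 signatures. A short reason for the SHA-1 caveat would also make the "not recommended" label actionable.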
@@ -590,9 +589,7 @@ policy settings from a file.
Default: "brainpool512r1", "secp521r1", "brainpool384r1",
"secp384r1", "brainpool256r1", "secp256r1"
- Also allowed (disabled by default): "secp256k1", "secp224r1",
- "secp224k1", "secp192r1", "secp192k1", "secp160r2", "secp160r1",
- "secp160k1"
+ No other values are currently defined.
.. cpp:function:: std::vector<byte> compression() const
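Review bot: "No other values are currently defined." removes the eight previously listed names without recording that they were supported before, and "secp256k1" in particular is a 256-bit curve that a reader may expect to remain alongside "secp256r1" and "brainpool256r1". Suggest adding one sentence to the manual stating that curves under P-256 and "secp256k1" were removed from TLS, with the reason given in the commit message, and describing what happens when a policy file or override still lists one of those names.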