aboutsummaryrefslogtreecommitdiffstats
path: root/doc/manual
diff options
context:
space:
mode:
authorlloyd <[email protected]>2014-12-31 14:30:32 +0000
committerlloyd <[email protected]>2014-12-31 14:30:32 +0000
commitde3fb4a8aa5957a37bae11d3662638f79551f826 (patch)
tree1a82d6b50bb7dd01a2d5e0bba772a980b0ba345f /doc/manual
parent205bbde9dc315562f11c16e15c1787d84f0d0185 (diff)
Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementation
Diffstat (limited to 'doc/manual')
-rw-r--r--doc/manual/tls.rst19
1 files changed, 10 insertions, 9 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index c1d03c452..ac0f14fe2 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -512,9 +512,9 @@ be negotiated during a handshake.
authentication, sending data in cleartext) are also not supported
by the implementation and cannot be negotiated.
- Default value: "AES-256/GCM", "AES-128/GCM", "AES-256/CCM",
- "AES-128/CCM", "AES-256/CCM-8", "AES-128/CCM-8", "AES-256",
- "AES-128"
+ Default value: "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM",
+ "AES-256/CCM", "AES-128/CCM", "AES-256/CCM-8", "AES-128/CCM-8",
+ "AES-256", "AES-128"
Also allowed: "Camellia-256/GCM", "Camellia-128/GCM",
"Camellia-256", "Camellia-128"
@@ -569,7 +569,7 @@ be negotiated during a handshake.
Return a list of ECC curves we are willing to use, in order of preference.
Default: "brainpool512r1", "brainpool384r1", "brainpool256r1",
- "secp521r1", "secp384r1", "secp256r1", "secp256k1"
+ "secp521r1", "secp384r1", "secp256r1", "secp256k1"
Also allowed (disabled by default): "secp224r1", "secp224k1",
"secp192r1", "secp192k1", "secp160r2", "secp160r1", "secp160k1"
@@ -588,12 +588,13 @@ be negotiated during a handshake.
Return true if this version of the protocol is one that we are
willing to negotiate.
- Default: Accepts TLS v1.0 or higher, or DTLS v1.2. Note that
- SSLv3 is rejected by default; it has serious security
- flaws which cannot be fixed without protocol changes.
+ Default: Accepts TLS v1.0 or higher, or DTLS v1.2.
- .. note:: SSLv3 support is deprecated and will be removed in a
- future release.
+ .. note::
+
+ SSLv3 is rejected by default; it has serious security flaws
+ which cannot be fixed without protocol changes. SSLv3 support
+ is deprecated and will be removed in a future release.
.. cpp:function:: bool server_uses_own_ciphersuite_preferences() const