author | Jack Lloyd <[email protected]> | 2018-08-21 15:43:34 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-08-22 15:13:14 -0400 |
commit | e05a7337add6c5f61d5abc05bb69c8d0698aa3ef (patch) | |
tree | 8bb911536d39c43385a59d1bc9a09b2b14bd7075 /doc/manual | |
parent | 2fc2598ebab23aa63f7be30c8a2eff6afb262fb3 (diff) |
Default disable support for TLS v1.0/v1.1 and all CBC and CCM suites
Diffstat (limited to 'doc/manual')
-rw-r--r-- | doc/manual/tls.rst | 23 |
1 files changed, 20 insertions, 3 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index ba1bee1b0..5e615af0f 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -822,16 +822,19 @@ policy settings from a file. Cipher names without an explicit mode refers to CBC+HMAC ciphersuites. - Default value: "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM", - "AES-256/CCM", "AES-128/CCM", "AES-256", "AES-128" + Default value: "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM" - Also allowed: "AES-256/CCM(8)", "AES-128/CCM(8)", + Also allowed: "AES-256", "AES-128", + "AES-256/CCM", "AES-128/CCM", "AES-256/CCM(8)", "AES-128/CCM(8)", "Camellia-256/GCM", "Camellia-128/GCM", "ARIA-256/GCM", "ARIA-128/GCM", "Camellia-256", "Camellia-128" Also allowed (though currently experimental): "AES-128/OCB(12)", "AES-256/OCB(12)" + In versions up to 2.8.0, the CBC and CCM ciphersuites "AES-256", + "AES-128", "AES-256/CCM" and "AES-128/CCM" were enabled by default. + Also allowed (although **not recommended**): "SEED", "3DES" .. note:: @@ -1051,6 +1054,20 @@ policy settings from a file. Default: 2048 bits +.. cpp:function:: bool allow_tls10() const + + Return true from here to allow TLS v1.0. Since 2.8.0, returns + ``false`` by default. + +.. cpp:function:: bool allow_tls11() const + + Return true from here to allow TLS v1.1. Since 2.8.0, returns + ``false`` by default. + +.. cpp:function:: bool allow_tls12() const + + Return true from here to allow TLS v1.2. Returns ``true`` by default. + .. cpp:function:: size_t minimum_rsa_bits() const Minimum accepted RSA key size. Default 2048 bits. |
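Review bot: In the first hunk (@@ -822,16 +822,19 @@), the added sentence "In versions up to 2.8.0, the CBC and CCM ciphersuites ... were enabled by default" reads as inclusive of 2.8.0, while the allow_tls10/allow_tls11 text added in the second hunk of this patch says "Since 2.8.0, returns ``false`` by default". If both defaults change in the same release, the two boundaries should be worded the same way, for example "Before 2.8.0, ..." here, so a reader auditing a deployed version can tell which side of the change it is on. The sentence also sits between the experimental "Also allowed" list and the "not recommended" list. Moving it directly under the "Default value" line would keep the three "Also allowed" lists together and put the history next to the default it describes.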
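Review bot: In the second hunk (@@ -1051,6 +1054,20 @@), the three new entries say what allow_tls10(), allow_tls11() and allow_tls12() return by default but not what the caller observes when a version is disallowed. A sentence stating that negotiation with a peer limited to TLS v1.0 or v1.1 will now fail unless the application overrides these in its policy would make the behaviour change visible to anyone upgrading. The entries are also inserted between the "Default: 2048 bits" setting and minimum_rsa_bits(), which splits the key-size settings. Grouping them with the other protocol-version settings would be easier to find. Minor: "Return true from here to allow ..." could be "Return ``true`` to allow ...", matching the literal markup already used for ``false`` and ``true`` in the same entries.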