aboutsummaryrefslogtreecommitdiffstats
path: root/doc/manual
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-08-21 15:43:34 -0400
committerJack Lloyd <[email protected]>2018-08-22 15:13:14 -0400
commite05a7337add6c5f61d5abc05bb69c8d0698aa3ef (patch)
tree8bb911536d39c43385a59d1bc9a09b2b14bd7075 /doc/manual
parent2fc2598ebab23aa63f7be30c8a2eff6afb262fb3 (diff)
Default disable support for TLS v1.0/v1.1 and all CBC and CCM suites
Diffstat (limited to 'doc/manual')
-rw-r--r--doc/manual/tls.rst23
1 files changed, 20 insertions, 3 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index ba1bee1b0..5e615af0f 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -822,16 +822,19 @@ policy settings from a file.
Cipher names without an explicit mode refers to CBC+HMAC ciphersuites.
- Default value: "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM",
- "AES-256/CCM", "AES-128/CCM", "AES-256", "AES-128"
+ Default value: "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM"
- Also allowed: "AES-256/CCM(8)", "AES-128/CCM(8)",
+ Also allowed: "AES-256", "AES-128",
+ "AES-256/CCM", "AES-128/CCM", "AES-256/CCM(8)", "AES-128/CCM(8)",
"Camellia-256/GCM", "Camellia-128/GCM", "ARIA-256/GCM", "ARIA-128/GCM",
"Camellia-256", "Camellia-128"
Also allowed (though currently experimental): "AES-128/OCB(12)",
"AES-256/OCB(12)"
+ In versions up to 2.8.0, the CBC and CCM ciphersuites "AES-256",
+ "AES-128", "AES-256/CCM" and "AES-128/CCM" were enabled by default.
+
Also allowed (although **not recommended**): "SEED", "3DES"
.. note::
@@ -1051,6 +1054,20 @@ policy settings from a file.
Default: 2048 bits
+.. cpp:function:: bool allow_tls10() const
+
+ Return true from here to allow TLS v1.0. Since 2.8.0, returns
+ ``false`` by default.
+
+.. cpp:function:: bool allow_tls11() const
+
+ Return true from here to allow TLS v1.1. Since 2.8.0, returns
+ ``false`` by default.
+
+.. cpp:function:: bool allow_tls12() const
+
+ Return true from here to allow TLS v1.2. Returns ``true`` by default.
+
.. cpp:function:: size_t minimum_rsa_bits() const
Minimum accepted RSA key size. Default 2048 bits.