Merge pull request #314 from randombit/ct-tls-cbc-padding

TLS improvements
author: Jack Lloyd <[email protected]> 2015-10-26 12:33:05 -0400
committer: Jack Lloyd <[email protected]> 2015-10-26 12:33:05 -0400
commit: 191abfe7c95d79118f0f9b4ed6411796204c0db3 (patch)
tree: 672470d35a08dedac63c901f843e113d3088960e /doc/manual
parent: 475a9dacb8d285d6e5a0244bcf816d2ae72a00a8 (diff)
parent: 05ca920f0d8461b7da258f4e17afbf3d072b9327 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index 4226f3694..f96f27620 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -519,7 +519,9 @@ policy settings from a file.
      authentication, sending data in cleartext) are also not supported
      by the implementation and cannot be negotiated.
 
-     Default value: "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM",
+     Values without an explicit mode use old-style CBC with HMAC encryption.
+
+     Default value: "AES-256/GCM", "AES-128/GCM", "ChaCha20Poly1305",
      "AES-256/CCM", "AES-128/CCM", "AES-256/CCM-8", "AES-128/CCM-8",
      "AES-256", "AES-128"
 
@@ -572,7 +574,7 @@ policy settings from a file.
 
      Default: "ECDSA", "RSA", "DSA"
 
-     Also allowed: "" (meaning anonymous)
+     Also allowed (disabled by default): "" (meaning anonymous)
 
  .. cpp:function:: std::vector<std::string> allowed_ecc_curves() const
author	Jack Lloyd <[email protected]>	2015-10-26 12:33:05 -0400
committer	Jack Lloyd <[email protected]>	2015-10-26 12:33:05 -0400
commit	191abfe7c95d79118f0f9b4ed6411796204c0db3 (patch)
tree	672470d35a08dedac63c901f843e113d3088960e /doc/manual
parent	475a9dacb8d285d6e5a0244bcf816d2ae72a00a8 (diff)
parent	05ca920f0d8461b7da258f4e17afbf3d072b9327 (diff)