author | lloyd <[email protected]> | 2014-12-31 14:30:32 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2014-12-31 14:30:32 +0000 |
commit | de3fb4a8aa5957a37bae11d3662638f79551f826 (patch) | |
tree | 1a82d6b50bb7dd01a2d5e0bba772a980b0ba345f /doc | |
parent | 205bbde9dc315562f11c16e15c1787d84f0d0185 (diff) |
Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementation
Diffstat (limited to 'doc')
-rw-r--r-- | doc/manual/tls.rst | 19 |
-rw-r--r-- | doc/relnotes/1_11_12.rst | 3 |
2 files changed, 13 insertions, 9 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst index c1d03c452..ac0f14fe2 100644 --- a/doc/manual/tls.rst +++ b/doc/manual/tls.rst @@ -512,9 +512,9 @@ be negotiated during a handshake. authentication, sending data in cleartext) are also not supported by the implementation and cannot be negotiated. - Default value: "AES-256/GCM", "AES-128/GCM", "AES-256/CCM", - "AES-128/CCM", "AES-256/CCM-8", "AES-128/CCM-8", "AES-256", - "AES-128" + Default value: "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM", + "AES-256/CCM", "AES-128/CCM", "AES-256/CCM-8", "AES-128/CCM-8", + "AES-256", "AES-128" Also allowed: "Camellia-256/GCM", "Camellia-128/GCM", "Camellia-256", "Camellia-128" @@ -569,7 +569,7 @@ be negotiated during a handshake. Return a list of ECC curves we are willing to use, in order of preference. Default: "brainpool512r1", "brainpool384r1", "brainpool256r1", - "secp521r1", "secp384r1", "secp256r1", "secp256k1" + "secp521r1", "secp384r1", "secp256r1", "secp256k1" Also allowed (disabled by default): "secp224r1", "secp224k1", "secp192r1", "secp192k1", "secp160r2", "secp160r1", "secp160k1" @@ -588,12 +588,13 @@ be negotiated during a handshake. Return true if this version of the protocol is one that we are willing to negotiate. - Default: Accepts TLS v1.0 or higher, or DTLS v1.2. Note that - SSLv3 is rejected by default; it has serious security - flaws which cannot be fixed without protocol changes. + Default: Accepts TLS v1.0 or higher, or DTLS v1.2. - .. note:: SSLv3 support is deprecated and will be removed in a - future release. + .. note:: + + SSLv3 is rejected by default; it has serious security flaws + which cannot be fixed without protocol changes. SSLv3 support + is deprecated and will be removed in a future release. .. cpp:function:: bool server_uses_own_ciphersuite_preferences() const diff --git a/doc/relnotes/1_11_12.rst b/doc/relnotes/1_11_12.rst index 288c30a5c..294561a4e 100644 --- a/doc/relnotes/1_11_12.rst +++ b/doc/relnotes/1_11_12.rst 
@@ -10,6 +10,9 @@ Version 1.11.12, Not Yet Released * Add the ChaCha20Poly1305 AEAD defined in draft-irtf-cfrg-chacha20-poly1305-03 +* Add ChaCha20Poly1305 ciphersuites for TLS compatible with Google's servers + following draft-agl-tls-chacha20poly1305-04 + * When encrypted as PKCS #8 structures, Curve25519 and McEliece private keys default to using AES-256/GCM instead of AES-256/CBC |
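Review bot: In doc/manual/tls.rst, the hunk at @@ -512,9 +512,9 puts "ChaCha20Poly1305" first in the documented default cipher list without saying that the TLS suites behind it follow an Internet draft (the release-note hunk in this same commit cites draft-agl-tls-chacha20poly1305-04). Suggest adding a sentence after the "Default value" list stating that this entry selects draft-based suites, so that readers who only want standardized suites know to leave it out of their policy's cipher list.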
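Review bot: In doc/manual/tls.rst at @@ -569,7 +569,7, the removed and added "secp521r1", "secp384r1", "secp256r1", "secp256k1" lines read identically as shown here, so this looks like a whitespace-only change to the ECC curve defaults that is unrelated to the ciphersuite addition. Suggest dropping it from this commit or moving it to a separate formatting commit, so that the history of the curve list only shows real changes to the defaults.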
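Review bot: In doc/manual/tls.rst at @@ -588,12 +588,13, the "Default:" line now reads only "Accepts TLS v1.0 or higher, or DTLS v1.2." and the statement that SSLv3 is rejected by default has moved into the note block. A reader scanning the Default lines to learn what a policy accepts no longer sees the SSLv3 rejection there. Suggest keeping "SSLv3 is rejected by default" on the Default line and leaving the rationale and the deprecation notice in the note.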
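Review bot: In doc/relnotes/1_11_12.rst at @@ -10,6 +10,9, the new entry does not mention that the manual hunk in this commit also makes "ChaCha20Poly1305" the first entry of the default cipher list, which changes what existing deployments prefer to negotiate after an upgrade. Suggest stating in the entry that the suites are enabled by default and preferred over the AES suites. Since the entry above cites draft-irtf-cfrg-chacha20-poly1305-03 and this one cites draft-agl-tls-chacha20poly1305-04, it would also help to say whether the TLS suites use the same AEAD construction as that entry or a different one.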