author | lloyd <[email protected]> | 2013-03-21 13:59:24 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2013-03-21 13:59:24 +0000 |
commit | 8a664104ab7d712783223fa4a2abb9ac675243be (patch) | |
tree | a0a7377d64e310629783dd8b8782b2e6fccf2565 /doc | |
parent | 45f384ec0b4848a73bfd9c23bd2ec657e21ee299 (diff) |
Add TLS::Policy::server_uses_own_ciphersuite_preferences()
Previously the server always took its most-preferred cipher out of the
client's list, but this policy allows telling a server to follow the
client's preferences instead.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/relnotes/1_11_3.rst | 7 | ||||
-rw-r--r-- | doc/tls.rst | 16 |
2 files changed, 21 insertions, 2 deletions
diff --git a/doc/relnotes/1_11_3.rst b/doc/relnotes/1_11_3.rst index 6b0ba1492..ac4de76aa 100644 --- a/doc/relnotes/1_11_3.rst +++ b/doc/relnotes/1_11_3.rst @@ -1,6 +1,13 @@ Version 1.11.3, Not Yet Released ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +* A new TLS policy mechanism + :cpp:func:`TLS::Policy::server_uses_own_ciphersuite_preferences` + controls how a server chooses a ciphersuite. Previously it always + chose its most preferred cipher out of the client's list, but this + can allow configuring a server to choose by the client's preferences + instead. + * Implementations of the OCB and GCM authenticated cipher modes are now included diff --git a/doc/tls.rst b/doc/tls.rst index 83503fcb1..406b94d93 100644 --- a/doc/tls.rst +++ b/doc/tls.rst @@ -526,17 +526,24 @@ be negotiated during a handshake. Default: "secp521r1", "secp384r1", "secp256r1", "secp256k1", "secp224r1", "secp224k1" - Also allowed: "secp192r1", "secp192k1", "secp160r2", "secp160r1", "secp160k1" + Also allowed: "secp192r1", "secp192k1", "secp160r2", "secp160r1", + "secp160k1" .. cpp:function:: std::vector<byte> compression() const Return the list of compression methods we are willing to use, in order of - preference. + preference. Default is null compression only. .. note:: TLS compression is not currently supported. + .. cpp:function:: bool server_uses_own_ciphersuite_preferences() const + + If this returns true, a server will pick the cipher it prefers the + most out of the client's list. Otherwise, it will negotiate the + first cipher in the client's ciphersuite list that it supports. + .. cpp:function:: bool negotiate_heartbeat_support() const If this function returns true, clients will offer the heartbeat 
@@ -545,6 +552,11 @@ be negotiated during a handshake. support and servers will ignore clients offering heartbeat support. + If this returns true, callers should expect to handle heartbeat + data in their ``proc_fn``. + + Default + .. cpp:function:: bool allow_server_initiated_renegotiation() const If this function returns true, a client will accept a |
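Review bot: The release note added to doc/relnotes/1_11_3.rst does not say what server_uses_own_ciphersuite_preferences() returns by default, so a reader upgrading a server cannot tell whether negotiation behaviour changes without an override. The phrase "this can allow configuring a server to choose by the client's preferences instead" is also hard to parse. Suggest stating the default value explicitly and rewording along the lines of "a policy can now make the server follow the client's preference order instead".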
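Review bot: The new server_uses_own_ciphersuite_preferences() entry in the first doc/tls.rst hunk has no default documented, while compression() in the same hunk gains "Default is null compression only." Please add the default here too. It is also worth one sentence on the consequence of returning false: the client's ordering then decides which mutually supported suite is used, so the server's allowed ciphersuite list should contain only suites the operator is willing to have negotiated. The rewrap of the "Also allowed" curve list is unrelated to this change and would be cleaner as a separate commit.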
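Review bot: The addition to negotiate_heartbeat_support() in the second doc/tls.rst hunk ends with a bare "Default" line and no value, which will render as a dangling word in the built documentation. Either complete it with the actual default or drop the line. The heartbeat text is also outside what the commit message describes, so consider moving it to its own commit, and say where ``proc_fn`` is documented so the reference can be followed.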