In earlier versions, key exchange == "RSA" meant export-style

ephemeral RSA, and key exchange == "" meant RSA via the key in the
server certificate. However we don't support any of the export suites
anymore (and in fact that code probably never worked), so use kex algo
== "RSA" to represent the server cert case as it's much easier to read
the code and to understand from a policy configuration perspective.

Also fix the default policy, "TripleDES" != "3DES" so we would not
offer (as a client) and would reject (as a server) any 3DES
ciphersuites.

0 files changed, 0 insertions, 0 deletions