Remove support for TLS v1.2 MD5 and SHA-224 signatures.

Remove support for weak ECC curves (anything under P-256) from TLS. This includes secp256k1 since we don't take advantage of the special form for any performance advantage; might as well use P-256. The manual still mentioned that it was possible to use MD5 in Policy::allowed_macs, but all HMAC-MD5 suites are already removed.
author: Jack Lloyd <[email protected]> 2016-03-17 15:32:08 -0400
committer: Jack Lloyd <[email protected]> 2016-03-17 15:32:08 -0400
commit: f70a9de37d22282d8cca465632efd0044ab9008c (patch)
tree: e5fa59c1d4d7d235a2e1be357ef2da53545c3c99 /src/lib/tls/tls_policy.cpp
parent: cf5c88d07b44ad7c6b8702e7afb387fd8c13c3d3 (diff)
1 files changed, 0 insertions, 11 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index f88860a71..10b193215 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -44,9 +44,7 @@ std::vector<std::string> Policy::allowed_signature_hashes() const
       "SHA-512",
       "SHA-384",
       "SHA-256",
-      //"SHA-224",
       //"SHA-1",
-      //"MD5",
       };
    }
 
@@ -57,7 +55,6 @@ std::vector<std::string> Policy::allowed_macs() const
       "SHA-384",
       "SHA-256",
       "SHA-1",
-      //"MD5",
       };
    }
 
@@ -98,14 +95,6 @@ std::vector<std::string> Policy::allowed_ecc_curves() const
       "secp384r1",
       "brainpool256r1",
       "secp256r1",
-      //"secp256k1",
-      //"secp224r1",
-      //"secp224k1",
-      //"secp192r1",
-      //"secp192k1",
-      //"secp160r2",
-      //"secp160r1",
-      //"secp160k1",
       };
    }
author	Jack Lloyd <[email protected]>	2016-03-17 15:32:08 -0400
committer	Jack Lloyd <[email protected]>	2016-03-17 15:32:08 -0400
commit	f70a9de37d22282d8cca465632efd0044ab9008c (patch)
tree	e5fa59c1d4d7d235a2e1be357ef2da53545c3c99 /src/lib/tls/tls_policy.cpp
parent	cf5c88d07b44ad7c6b8702e7afb387fd8c13c3d3 (diff)