authorJack Lloyd <[email protected]>2016-11-25 17:15:28 -0500
committerJack Lloyd <[email protected]>2016-11-25 17:15:28 -0500
commitce1c593c8f6258a5fa0df50f620e4bdde4e7d034 (patch)
treef27f17e6f24657d138dd1946314801d9415e4a6e /src/lib/tls/tls_policy.cpp
parent4a849b7ebb329630ef03d5b3961d57c5f76cfa0b (diff)
parentcdb20d3599f38807f4495c9c705b5864928b2824 (diff)
Merge GH #653 OCSP and X.509 path validation refactor
Splits up path validation into several sub-functions for easier testing and creating customized validation code. Much improved OCSP handling and OCSP tests.
Diffstat (limited to 'src/lib/tls/tls_policy.cpp')
-rw-r--r--src/lib/tls/tls_policy.cpp8
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index 49a8ad1fc..4bd071d0b 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -156,6 +156,11 @@ size_t Policy::minimum_ecdh_group_size() const
return 255;
}
+size_t Policy::minimum_signature_strength() const
+ {
+ return 110;
+ }
+
size_t Policy::minimum_rsa_bits() const
{
/* Default assumption is all end-entity certificates should
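Review bot: The literal `110` returned by the new `Policy::minimum_signature_strength()` has no unit or rationale, while `minimum_rsa_bits()` directly below opens with a comment explaining its default. I would add a short comment above the return, along the lines of `/* Estimated strength, in bits, of the weakest signature key accepted; 110 presumably admits 2048-bit RSA (confirm) */`, so that anyone overriding the policy knows what scale the value is on. No hunk in this file overrides the value for `Strict_Policy`, so the strict profile appears to inherit 110; it is worth confirming that this is intended. The body of `minimum_rsa_bits()` continues outside the hunk.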
@@ -466,6 +471,7 @@ void Policy::print(std::ostream& o) const
o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n';
o << "minimum_ecdh_group_size = " << minimum_ecdh_group_size() << '\n';
o << "minimum_rsa_bits = " << minimum_rsa_bits() << '\n';
+ o << "minimum_signature_strength = " << minimum_signature_strength() << '\n';
}
std::vector<std::string> Strict_Policy::allowed_ciphers() const
@@ -485,7 +491,7 @@ std::vector<std::string> Strict_Policy::allowed_macs() const
std::vector<std::string> Strict_Policy::allowed_key_exchange_methods() const
{
- return { "ECDH" };
+ return { "CECPQ1", "ECDH" };
}
bool Strict_Policy::allow_tls10() const { return false; }
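Review bot: `Strict_Policy::allowed_key_exchange_methods()` now returns `"CECPQ1"` ahead of `"ECDH"`, and nothing in the code or in the merge description (OCSP and X.509 path validation) explains this. If the list is in preference order, as the other `allowed_*` lists appear to be, the strict profile will now prefer an experimental hybrid key exchange whenever the peer offers it. A one-line comment would record the intent, for example `// CECPQ1 preferred when the peer supports it; ECDH remains the fallback`. It would also help to mention the change in the commit message so it is not mistaken for merge fallout.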