author | Jack Lloyd <[email protected]> | 2016-11-25 17:15:28 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-11-25 17:15:28 -0500 |
commit | ce1c593c8f6258a5fa0df50f620e4bdde4e7d034 (patch) | |
tree | f27f17e6f24657d138dd1946314801d9415e4a6e /src/lib/tls/tls_policy.cpp | |
parent | 4a849b7ebb329630ef03d5b3961d57c5f76cfa0b (diff) | |
parent | cdb20d3599f38807f4495c9c705b5864928b2824 (diff) |
Merge GH #653 OCSP and X.509 path validation refactor
Splits up path validation into several sub-functions for easier testing
and creating customized validation code. Much improved OCSP handling
and OCSP tests.
Diffstat (limited to 'src/lib/tls/tls_policy.cpp')
-rw-r--r-- | src/lib/tls/tls_policy.cpp | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index 49a8ad1fc..4bd071d0b 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -156,6 +156,11 @@ size_t Policy::minimum_ecdh_group_size() const
 return 255;
 }
 
+size_t Policy::minimum_signature_strength() const
+ {
+ return 110;
+ }
+
 size_t Policy::minimum_rsa_bits() const
 {
 /* Default assumption is all end-entity certificates should
@@ -466,6 +471,7 @@ void Policy::print(std::ostream& o) const
 o << "minimum_dh_group_size = " << minimum_dh_group_size() << '\n';
 o << "minimum_ecdh_group_size = " << minimum_ecdh_group_size() << '\n';
 o << "minimum_rsa_bits = " << minimum_rsa_bits() << '\n';
+ o << "minimum_signature_strength = " << minimum_signature_strength() << '\n';
 }
 
 std::vector<std::string> Strict_Policy::allowed_ciphers() const
@@ -485,7 +491,7 @@ std::vector<std::string> Strict_Policy::allowed_macs() const
 
 std::vector<std::string> Strict_Policy::allowed_key_exchange_methods() const
 {
- return { "ECDH" };
+ return { "CECPQ1", "ECDH" };
 }
 
 bool Strict_Policy::allow_tls10() const { return false; } |
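Review bot: The new `Policy::minimum_signature_strength()` returns a bare `110` with no comment saying what the number measures or why it was chosen, whereas `minimum_rsa_bits()` directly below opens with a comment explaining its default. The value presumably sets a floor on how weak a signature in the peer's certificate chain may be (inferred from the name and the merge description; the code that consumes it is not in this diff), so a subclass author overriding it needs the unit stated. I would add above the return something like `// Minimum estimated strength, in bits of work, required of signatures in the peer's chain; TODO confirm which key/hash sizes 110 admits`. It is also worth confirming whether `Strict_Policy` should override this with a higher floor, since no such override appears in the visible hunks.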
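Review bot: Placing `"CECPQ1"` ahead of `"ECDH"` in `Strict_Policy::allowed_key_exchange_methods()` is not explained anywhere in the hunk, and it is unrelated to the OCSP and path-validation refactor the merge message describes. If the returned list is in preference order (the visible lines do not establish this), the strict policy now prefers an experimental hybrid exchange over plain ECDH, which is a policy decision a reader should find stated next to the code. I would add a comment on the return such as `// CECPQ1 first so it is preferred when the peer supports it; ECDH remains the fallback`, adjusted to whatever the ordering actually means. Deployments that pin Strict_Policy may also need a changelog entry, because the set of key exchanges they will negotiate has widened.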