aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/cert_req.cpp
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-06-29 14:55:56 +0000
committerlloyd <[email protected]>2012-06-29 14:55:56 +0000
commitc0a3a3046dbc39b05056f5539e68060c67a25f17 (patch)
treed3e0c8253125375a32bcd0c0ef0d281a981326cf /src/tls/cert_req.cpp
parent4b1568e323f95015cb217bf3d1b6a80bf786230e (diff)
Split TLS::Policy::allowed_hashes into allowed_signature_hashes and
allowed_macs. This allows someone to turn on MD5 for message auth, which is a little sketchy but probably OK, without also (likely unintentionally) enabling MD5 for TLS v1.2 signatures, which would be a big problem. Prioritize RC4 over 3DES in default policy. Disable ECC curves smaller than 224 bits by default. More updates to the TLS policy documentation.
Diffstat (limited to 'src/tls/cert_req.cpp')
-rw-r--r--src/tls/cert_req.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp
index 31f4fb1e1..f97238d54 100644
--- a/src/tls/cert_req.cpp
+++ b/src/tls/cert_req.cpp
@@ -66,7 +66,7 @@ Certificate_Req::Certificate_Req(Record_Writer& writer,
if(version >= Protocol_Version::TLS_V12)
{
- std::vector<std::string> hashes = policy.allowed_hashes();
+ std::vector<std::string> hashes = policy.allowed_signature_hashes();
std::vector<std::string> sigs = policy.allowed_signature_methods();
for(size_t i = 0; i != hashes.size(); ++i)