author | lloyd <[email protected]> | 2012-06-29 14:55:56 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-06-29 14:55:56 +0000 |
commit | c0a3a3046dbc39b05056f5539e68060c67a25f17 (patch) | |
tree | d3e0c8253125375a32bcd0c0ef0d281a981326cf /src/tls/cert_req.cpp | |
parent | 4b1568e323f95015cb217bf3d1b6a80bf786230e (diff) |
Split TLS::Policy::allowed_hashes into allowed_signature_hashes and
allowed_macs. This allows someone to turn on MD5 for message auth,
which is a little sketchy but probably OK, without also (likely
unintentionally) enabling MD5 for TLS v1.2 signatures, which would be
a big problem.
Prioritize RC4 over 3DES in default policy.
Disable ECC curves smaller than 224 bits by default.
More updates to the TLS policy documentation.
Diffstat (limited to 'src/tls/cert_req.cpp')
-rw-r--r-- | src/tls/cert_req.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/tls/cert_req.cpp b/src/tls/cert_req.cpp index 31f4fb1e1..f97238d54 100644 --- a/src/tls/cert_req.cpp +++ b/src/tls/cert_req.cpp @@ -66,7 +66,7 @@ Certificate_Req::Certificate_Req(Record_Writer& writer, if(version >= Protocol_Version::TLS_V12) { - std::vector<std::string> hashes = policy.allowed_hashes(); + std::vector<std::string> hashes = policy.allowed_signature_hashes(); std::vector<std::string> sigs = policy.allowed_signature_methods(); for(size_t i = 0; i != hashes.size(); ++i) |
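Review bot: In the `version >= Protocol_Version::TLS_V12` branch of `Certificate_Req::Certificate_Req`, the list returned by `policy.allowed_signature_hashes()` is iterated exactly as returned, and nothing visible in this hunk checks for an empty list or for a hash that should never be offered for signatures. The commit message calls MD5 for TLS v1.2 signatures "a big problem", so a short comment at this call saying why the signature-specific list is used here rather than the MAC list would help the next reader avoid reverting to a shared list. Also confirm that any existing `Policy` subclass that overrode `allowed_hashes()` has been updated: this call site no longer consults that method, so such an override would stop affecting what the certificate request advertises.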