diff options
author | lloyd <[email protected]> | 2012-01-25 13:01:02 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-01-25 13:01:02 +0000 |
commit | d9f9ef98ec1f554c7d9729f5d97cb4578b84691b (patch) | |
tree | e2a501e38fd0ac4d25fda5835660a1dda5ff8cfc /src/tls/tls_ciphersuite.cpp | |
parent | 50bcbb4d8f09189cc669bb482487858234da7f6e (diff) |
In earlier versions, key exchange == "RSA" meant export-style
ephemeral RSA, and key exchange == "" meant RSA via the key in the
server certificate. However we don't support any of the export suites
anymore (and in fact that code probably never worked), so use kex algo
== "RSA" to represent the server cert case as it's much easier to read
the code and to understand from a policy configuration perspective.
Also fix the default policy, "TripleDES" != "3DES" so we would not
offer (as a client) and would reject (as a server) any 3DES
ciphersuites.
Diffstat (limited to 'src/tls/tls_ciphersuite.cpp')
-rw-r--r-- | src/tls/tls_ciphersuite.cpp | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/src/tls/tls_ciphersuite.cpp b/src/tls/tls_ciphersuite.cpp index a46be8404..b81d4adc4 100644 --- a/src/tls/tls_ciphersuite.cpp +++ b/src/tls/tls_ciphersuite.cpp @@ -25,32 +25,32 @@ Ciphersuite Ciphersuite::lookup_ciphersuite(u16bit suite) // RSA ciphersuites case TLS_RSA_WITH_AES_128_CBC_SHA: - return Ciphersuite("RSA", "", "SHA-1", "AES-128", 16); + return Ciphersuite("RSA", "RSA", "SHA-1", "AES-128", 16); case TLS_RSA_WITH_AES_256_CBC_SHA: - return Ciphersuite("RSA", "", "SHA-1", "AES-256", 32); + return Ciphersuite("RSA", "RSA", "SHA-1", "AES-256", 32); case TLS_RSA_WITH_AES_128_CBC_SHA256: - return Ciphersuite("RSA", "", "SHA-256", "AES-128", 16); + return Ciphersuite("RSA", "RSA", "SHA-256", "AES-128", 16); case TLS_RSA_WITH_AES_256_CBC_SHA256: - return Ciphersuite("RSA", "", "SHA-256", "AES-256", 32); + return Ciphersuite("RSA", "RSA", "SHA-256", "AES-256", 32); case TLS_RSA_WITH_3DES_EDE_CBC_SHA: - return Ciphersuite("RSA", "", "SHA-1", "3DES", 24); + return Ciphersuite("RSA", "RSA", "SHA-1", "3DES", 24); case TLS_RSA_WITH_RC4_128_SHA: - return Ciphersuite("RSA", "", "SHA-1", "ARC4", 16); + return Ciphersuite("RSA", "RSA", "SHA-1", "ARC4", 16); case TLS_RSA_WITH_RC4_128_MD5: - return Ciphersuite("RSA", "", "MD5", "ARC4", 16); + return Ciphersuite("RSA", "RSA", "MD5", "ARC4", 16); case TLS_RSA_WITH_SEED_CBC_SHA: - return Ciphersuite("RSA", "", "SHA-1", "SEED", 16); + return Ciphersuite("RSA", "RSA", "SHA-1", "SEED", 16); #if defined(BOTAN_HAS_IDEA) case TLS_RSA_WITH_IDEA_CBC_SHA: - return Ciphersuite("RSA", "", "SHA-1", "IDEA", 16); + return Ciphersuite("RSA", "RSA", "SHA-1", "IDEA", 16); #endif // DH/DSS ciphersuites @@ -185,7 +185,7 @@ std::string Ciphersuite::to_string() const out << "TLS_"; - if(kex_algo() != "") + if(kex_algo() != "RSA") { if(kex_algo() == "DH") out << "DHE"; |