aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tls_policy.cpp
diff options
context:
space:
mode:
authorlloyd <[email protected]>2012-01-25 13:01:02 +0000
committerlloyd <[email protected]>2012-01-25 13:01:02 +0000
commitd9f9ef98ec1f554c7d9729f5d97cb4578b84691b (patch)
treee2a501e38fd0ac4d25fda5835660a1dda5ff8cfc /src/tls/tls_policy.cpp
parent50bcbb4d8f09189cc669bb482487858234da7f6e (diff)
In earlier versions, key exchange == "RSA" meant export-style
ephemeral RSA, and key exchange == "" meant RSA via the key in the server certificate. However we don't support any of the export suites anymore (and in fact that code probably never worked), so use kex algo == "RSA" to represent the server cert case as it's much easier to read the code and to understand from a policy configuration perspective. Also fix the default policy, "TripleDES" != "3DES" so we would not offer (as a client) and would reject (as a server) any 3DES ciphersuites.
Diffstat (limited to 'src/tls/tls_policy.cpp')
-rw-r--r--src/tls/tls_policy.cpp8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index ea3e4f144..6d95ada40 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -20,9 +20,8 @@ std::vector<std::string> Policy::allowed_ciphers() const
allowed.push_back("AES-256");
allowed.push_back("AES-128");
- allowed.push_back("TripleDES");
+ allowed.push_back("3DES");
allowed.push_back("ARC4");
-
// Note that SEED and IDEA are not included by default
return allowed;
@@ -51,16 +50,19 @@ std::vector<std::string> Policy::allowed_key_exchange_methods() const
//allowed.push_back("PSK");
allowed.push_back("ECDH");
allowed.push_back("DH");
- allowed.push_back(""); // means RSA via server cert
+ allowed.push_back("RSA"); // RSA via server cert
+
return allowed;
}
std::vector<std::string> Policy::allowed_signature_methods() const
{
std::vector<std::string> allowed;
+
allowed.push_back("ECDSA");
allowed.push_back("RSA");
allowed.push_back("DSA");
+
return allowed;
}