Instead of using a hardcoded value for signature_algothms, go with

policy. Only functional change here from before is we now send DSA with SHA-2. This is fine, OpenSSL does it as well and while the spec says to wait until NIST comes up with a way to prevent hash impersonation, it doesn't really make sense to avoid possible hash substitution attacks by using the weakest available hash...
author: lloyd <[email protected]> 2012-01-20 19:05:42 +0000
committer: lloyd <[email protected]> 2012-01-20 19:05:42 +0000
commit: 415efed94cb5b185ae31140285a6a5e2fef64765 (patch)
tree: 133f06f0a00fe635ef1803125a76cc2bf88e07f3 /src/tls/tls_policy.cpp
parent: 04cf1cd6fcd56c537b5ae4d339e83df67a4094e3 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index bc0cd53f5..b041d84b0 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -26,7 +26,10 @@ std::vector<std::string> TLS_Policy::allowed_ciphers() const
 std::vector<std::string> TLS_Policy::allowed_hashes() const
    {
    std::vector<std::string> allowed;
+   allowed.push_back("SHA-512");
+   allowed.push_back("SHA-384");
    allowed.push_back("SHA-256");
+   allowed.push_back("SHA-224");
    allowed.push_back("SHA-1");
    // Note that MD5 is not included by default
    return allowed;
author	lloyd <[email protected]>	2012-01-20 19:05:42 +0000
committer	lloyd <[email protected]>	2012-01-20 19:05:42 +0000
commit	415efed94cb5b185ae31140285a6a5e2fef64765 (patch)
tree	133f06f0a00fe635ef1803125a76cc2bf88e07f3 /src/tls/tls_policy.cpp
parent	04cf1cd6fcd56c537b5ae4d339e83df67a4094e3 (diff)