author | lloyd <[email protected]> | 2012-04-02 17:03:04 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2012-04-02 17:03:04 +0000 |
commit | 0b7fb2651b187097e9c89e37e2672ff28830371a (patch) | |
tree | 72a3866681bd2299d1651a66e05f9ec374cf80d8 /src/tls/tls_server.cpp | |
parent | 7f0df78e77eedaf299a8dcbea2d10290b99d3521 (diff) |
Add anonymous DH/ECDH ciphersuites to the cipher list. Interop checked
against OpenSSL.

One big issue that needs to be resolved is that with these
ciphersuites available to be negotiated, we want to make sure they
only are used when the application/user expects them to. Problem is
that PSK and SRP are "anonymous" but authenticated via the shared
secret. We need to be able to distinguish these on a policy
level. Otherwise a MITM could simply offer anon DH, which would be
somewhat unfortunate. A client could detect this in the handshake
callback, but might not.

In the short term to ensure this doesn't occur, disable both anon DH
and PSK/SRP in the default policy.
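
The policy-level distinction described in the commit message, sketched as an added example. This is not Botan's code or API: the `PeerAuth`, `Suite` and `Policy` types and both functions are hypothetical, and the suite table is a constructed sample using IANA ciphersuite codes. It separates shared-secret suites (PSK/SRP) from unauthenticated anon DH/ECDH, keeps both off by default, and rejects a server selection that the policy never offered.

```cpp
#include <algorithm>
#include <cstdint>
#include <vector>

// Hypothetical types for illustration; this is not Botan's API.
enum class PeerAuth { Certificate, SharedSecret, None };
// id is the IANA ciphersuite code; auth is how the peer's identity is established.
struct Suite { uint16_t id; const char* name; PeerAuth auth; };

// Constructed sample table: two suites from each class.
static const std::vector<Suite> kSuites = {
    {0xC013, "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", PeerAuth::Certificate},
    {0x0033, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",   PeerAuth::Certificate},
    {0x008C, "TLS_PSK_WITH_AES_128_CBC_SHA",       PeerAuth::SharedSecret},
    {0xC01D, "TLS_SRP_SHA_WITH_AES_128_CBC_SHA",   PeerAuth::SharedSecret},
    {0x0034, "TLS_DH_anon_WITH_AES_128_CBC_SHA",   PeerAuth::None},
    {0xC018, "TLS_ECDH_anon_WITH_AES_128_CBC_SHA", PeerAuth::None},
};

// Both non-certificate classes are off by default and are enabled separately.
struct Policy {
    bool allow_shared_secret = false;  // PSK / SRP
    bool allow_anonymous = false;      // DH_anon / ECDH_anon
    bool permits(const Suite& s) const {
        if (s.auth == PeerAuth::SharedSecret) return allow_shared_secret;
        if (s.auth == PeerAuth::None) return allow_anonymous;
        return true;
    }
};

// Suites the client puts in its hello under this policy.
std::vector<uint16_t> offered_suites(const Policy& p) {
    std::vector<uint16_t> out;
    for (const Suite& s : kSuites)
        if (p.permits(s)) out.push_back(s.id);
    return out;
}

// Reject a server choice the policy did not offer, such as an injected anon DH suite.
bool accept_server_choice(const Policy& p, uint16_t chosen) {
    const std::vector<uint16_t> offered = offered_suites(p);
    return std::find(offered.begin(), offered.end(), chosen) != offered.end();
}

// Exit status 0 means the default policy refused TLS_DH_anon_WITH_AES_128_CBC_SHA.
int main() { Policy p; return accept_server_choice(p, 0x0034) ? 1 : 0; }
```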
Diffstat (limited to 'src/tls/tls_server.cpp')
0 files changed, 0 insertions, 0 deletions