path: root/src/tls/tls_server.cpp
author: lloyd <[email protected]> 2012-04-02 17:03:04 +0000
committer: lloyd <[email protected]> 2012-04-02 17:03:04 +0000
commit: 0b7fb2651b187097e9c89e37e2672ff28830371a
tree: 72a3866681bd2299d1651a66e05f9ec374cf80d8 /src/tls/tls_server.cpp
parent: 7f0df78e77eedaf299a8dcbea2d10290b99d3521

Add anonymous DH/ECDH ciphersuites to the cipher list. Interop checked against OpenSSL.

One big issue that needs to be resolved is that with these ciphersuites available to be negotiated, we want to make sure they only are used when the application/user expects them to. Problem is that PSK and SRP are "anonymous" but authenticated via the shared secret. We need to be able to distinguish these on a policy level. Otherwise a MITM could simply offer anon DH, which would be somewhat unfortunate. A client could detect this in the handshake callback, but might not.

In the short term to ensure this doesn't occur, disable both anon DH and PSK/SRP in the default policy.

Diffstat (limited to 'src/tls/tls_server.cpp')
0 files changed, 0 insertions, 0 deletions
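
The policy-level distinction the commit message asks for, sketched as an added example (not Botan code and not part of this commit): suites are classified by how the peer is authenticated, so PSK/SRP and anon DH/ECDH can be enabled separately. The `Policy` struct and the function names are hypothetical; the suite names are standard IANA identifiers used as constructed sample input.

```cpp
// Added illustration, not Botan code. Policy and function names are hypothetical.
#include <iostream>
#include <string>
#include <vector>

enum class PeerAuth { Certificate, SharedSecret, None };

// Classify an IANA-style suite name by its key exchange part (before _WITH_).
PeerAuth classify(const std::string& suite)
   {
   const std::string kex = suite.substr(0, suite.find("_WITH_"));
   // PSK and SRP send no certificate, but the shared secret authenticates the peer.
   if(kex.find("_PSK") != std::string::npos || kex.find("_SRP_") != std::string::npos)
      return PeerAuth::SharedSecret;
   // anon DH/ECDH: nothing authenticates the peer, so a MITM can terminate it.
   if(kex.find("_anon") != std::string::npos)
      return PeerAuth::None;
   return PeerAuth::Certificate;
   }

struct Policy
   {
   bool allow_shared_secret = false;   // PSK/SRP, off by default
   bool allow_unauthenticated = false; // anon DH/ECDH, off by default
   };

// Used both to build the offer and to re-check the suite the peer selected.
bool acceptable(const Policy& policy, const std::string& suite)
   {
   const PeerAuth auth = classify(suite);
   if(auth == PeerAuth::SharedSecret) return policy.allow_shared_secret;
   if(auth == PeerAuth::None) return policy.allow_unauthenticated;
   return true;
   }

std::vector<std::string> filter_suites(const Policy& policy, const std::vector<std::string>& suites)
   {
   std::vector<std::string> out;
   for(const auto& s : suites)
      if(acceptable(policy, s)) out.push_back(s);
   return out;
   }

int main()
   {
   Policy psk_only;
   psk_only.allow_shared_secret = true;
   std::cout << acceptable(psk_only, "TLS_DH_anon_WITH_AES_128_CBC_SHA") << acceptable(psk_only, "TLS_DHE_PSK_WITH_AES_128_CBC_SHA") << "\n";
   }
```

Running `acceptable` on the suite the peer actually selected, not only on the list offered, is what catches a downgrade to anon DH when the application enabled PSK or SRP alone.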