New policy methods. User provides lists of ciphers, hashes, etc they

would like to use, in order of preference. Client sorts list of known
ciphersuites by those preferences and sends them. Server now picks the
first client method it knows and that it can use (previously, it would
choose the one it liked the best out of what the client sent).

New policy callback returns list of CAs allowed for client auth.
Don't send certificate request unless we have at least one CA we want
signatures from. OpenSSL has a behavior (bug?) in TLS 1.2 mode such
that it will reject a connection if a certificate request is sent
without any names included.

0 files changed, 0 insertions, 0 deletions