authorChristian Mainka <[email protected]>2016-05-03 16:41:18 +0200
committerChristian Mainka <[email protected]>2016-05-03 16:41:18 +0200
commit6d327f879c608908ca2c6b9b99f7fd74d498b4ef (patch)
tree37887b96bf353db53aef93525a49706c7967de2d /tls-policy
parente6f56a82b639776282b9f4fd6a66e426ea0910d2 (diff)
TLS Policy support
* --policy works for TLS Server and TLS Client * Example policy BSI_TR-02102-2.txt * Fine-grained configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2 * Minimum ECDH and RSA group size
Diffstat (limited to 'tls-policy')
-rw-r--r--tls-policy/BSI_TR-02102-2.txt20
1 files changed, 20 insertions, 0 deletions
diff --git a/tls-policy/BSI_TR-02102-2.txt b/tls-policy/BSI_TR-02102-2.txt
new file mode 100644
index 000000000..bdc844b46
--- /dev/null
+++ b/tls-policy/BSI_TR-02102-2.txt
@@ -0,0 +1,20 @@
+allow_tls10=false
+allow_tls11=false
+allow_tls12=true
+allow_dtls10=false
+allow_dtls12=false
+
+ciphers=AES-256/GCM AES-128/GCM AES-256 AES-128
+signature_hashes=SHA-384 SHA-256
+macs=AEAD SHA-384 SHA-256
+key_exchange_methods=ECDH DH ECDHE_PSK DHE_PSK ECDH_PSK
+signature_methods=ECDSA RSA DSA
+ecc_curves=brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1
+minimum_dh_group_size=2000
+minimum_ecdh_group_size=250
+minimum_rsa_bits=2000
+ecc_curves=brainpool512r1 brainpool384r1 brainpool256r1
+
+allow_insecure_renegotiation=false
+allow_server_initiated_renegotiation=true
+server_uses_own_ciphersuite_preferences=true
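Review bot: `ecc_curves` is assigned twice in this new file, first with five curves including `secp384r1` and `secp256r1`, then again with only the three Brainpool curves. Which assignment takes effect depends on how the policy parser handles duplicate keys, which is not visible in this hunk, so anyone auditing the policy cannot tell from the file whether the NIST curves are permitted. Keep a single line that states the intended set, e.g. `ecc_curves=brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1` if the NIST curves are meant to be allowed, and delete the other. `ECDH_PSK` in `key_exchange_methods` is also worth checking against the names the parser accepts, since the other PSK entries use the `ECDHE_`/`DHE_` form and an unrecognised name may be silently ignored. If the format supports comments, a header naming the edition of TR-02102-2 these values were taken from would let later readers confirm the thresholds are still current.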