author | Christian Mainka <[email protected]> | 2016-05-03 16:41:18 +0200 |
---|---|---|
committer | Christian Mainka <[email protected]> | 2016-05-03 16:41:18 +0200 |
commit | 6d327f879c608908ca2c6b9b99f7fd74d498b4ef (patch) | |
tree | 37887b96bf353db53aef93525a49706c7967de2d /tls-policy | |
parent | e6f56a82b639776282b9f4fd6a66e426ea0910d2 (diff) |
TLS Policy support
* --policy works for TLS Server and TLS Client
* Example policy BSI_TR-02102-2.txt
* Fine-grained configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2
* Minimum ecdh and rsa group size
Diffstat (limited to 'tls-policy')
-rw-r--r-- | tls-policy/BSI_TR-02102-2.txt | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/tls-policy/BSI_TR-02102-2.txt b/tls-policy/BSI_TR-02102-2.txt
new file mode 100644
index 000000000..bdc844b46
--- /dev/null
+++ b/tls-policy/BSI_TR-02102-2.txt
@@ -0,0 +1,20 @@
+allow_tls10=false
+allow_tls11=false
+allow_tls12=true
+allow_dtls10=false
+allow_dtls12=false
+
+ciphers=AES-256/GCM AES-128/GCM AES-256 AES-128
+signature_hashes=SHA-384 SHA-256
+macs=AEAD SHA-384 SHA-256
+key_exchange_methods=ECDH DH ECDHE_PSK DHE_PSK ECDH_PSK
+signature_methods=ECDSA RSA DSA
+ecc_curves=brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1
+minimum_dh_group_size=2000
+minimum_ecdh_group_size=250
+minimum_rsa_bits=2000
+ecc_curves=brainpool512r1 brainpool384r1 brainpool256r1
+
+allow_insecure_renegotiation=false
+allow_server_initiated_renegotiation=true
+server_uses_own_ciphersuite_preferences=true |
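Review bot: The new policy file sets `ecc_curves` twice with different lists: the 12th added line includes `secp384r1 secp256r1`, while the 16th added line lists only the three brainpool curves. Which assignment takes effect depends on how the policy parser handles a repeated key, which is not visible in this hunk. As written, the two NIST curves are either silently permitted or silently dropped, and a reader auditing the file against the BSI guideline cannot tell which. Keep a single `ecc_curves=` line with the intended list and delete the other. If the parser supports comments, a one-line comment above it naming the guideline section the list was taken from would make later audits easier. A test that loads this file and asserts the effective curve list would catch a regression of this kind.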