-rw-r--r--doc/relnotes/1_11_2.rst4
-rw-r--r--src/tls/tls_policy.cpp6
2 files changed, 7 insertions, 3 deletions
diff --git a/doc/relnotes/1_11_2.rst b/doc/relnotes/1_11_2.rst
index 88d161d23..95a86cbdf 100644
--- a/doc/relnotes/1_11_2.rst
+++ b/doc/relnotes/1_11_2.rst
@@ -1,6 +1,10 @@
Version 1.11.2, Not Yet Released
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+* The default TLS policy formerly preferred AES over RC4, and allowed
+ 3DES by default. Now the default policy is to negotiate only either
+ AES or RC4, and to prefer RC4.
+
* The new filter :cpp:class:`Threaded_Fork` acts like a normal
:cpp:class:`Fork,` sending its input to a number of different
filters, but each subchain of filters in the fork runs in its own
diff --git a/src/tls/tls_policy.cpp b/src/tls/tls_policy.cpp
index e98fe66b2..98e3c6bca 100644
--- a/src/tls/tls_policy.cpp
+++ b/src/tls/tls_policy.cpp
@@ -19,10 +19,10 @@ namespace TLS {
std::vector<std::string> Policy::allowed_ciphers() const
{
return std::vector<std::string>({
- "AES-256",
- "AES-128",
"ARC4",
- "3DES",
+ "AES-128",
+ "AES-256",
+ //"3DES",
//"Camellia-256",
//"Camellia-128",
//"SEED"
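Review bot: Moving `"ARC4"` to the head of the list in `allowed_ciphers()` makes RC4 the preferred cipher for every connection using the default policy, and neither this hunk nor the release note records why. If the aim is to avoid CBC-mode weaknesses in TLS 1.0 (an inference, the page does not say so), the ordering still applies to later protocol versions where that concern does not hold, and RC4 has known keystream biases and was later prohibited for TLS by RFC 7465. I would keep AES ahead of RC4, or drop `"ARC4"` from the default list, and let applications that need it opt in through their own `Policy` subclass. At minimum add a comment above the list, such as `// RC4 is listed first to avoid CBC ciphers; revisit when CBC is no longer a concern`, and one on `//"3DES",` explaining why it is disabled. The function body continues past the end of the hunk.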