-rw-r--r--doc/manual/tls.rst11
-rw-r--r--src/lib/tls/tls_extensions.cpp45
-rw-r--r--src/lib/tls/tls_policy.cpp11
3 files changed, 7 insertions, 60 deletions
diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index c5be39aaa..3d0286e61 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -550,7 +550,7 @@ policy settings from a file.
Default: "AEAD", "SHA-384", "SHA-256", "SHA-1"
- Also allowed (although **not recommended**): "MD5"
+ A plain hash function indicates HMAC
.. cpp:function:: std::vector<std::string> allowed_key_exchange_methods() const
@@ -563,13 +563,12 @@ policy settings from a file.
.. cpp:function:: std::vector<std::string> allowed_signature_hashes() const
- Returns the list of algorithms we are willing to use for
+ Returns the list of hash algorithms we are willing to use for
public key signatures, in order of preference.
Default: "SHA-512", "SHA-384", "SHA-256"
- Also allowed: "SHA-224"
- Also allowed (although **not recommended**): "MD5", "SHA-1"
+ Also allowed (although **not recommended**): "SHA-1"
.. note::
@@ -590,9 +589,7 @@ policy settings from a file.
Default: "brainpool512r1", "secp521r1", "brainpool384r1",
"secp384r1", "brainpool256r1", "secp256r1"
- Also allowed (disabled by default): "secp256k1", "secp224r1",
- "secp224k1", "secp192r1", "secp192k1", "secp160r2", "secp160r1",
- "secp160k1"
+ No other values are currently defined.
.. cpp:function:: std::vector<byte> compression() const
diff --git a/src/lib/tls/tls_extensions.cpp b/src/lib/tls/tls_extensions.cpp
index 4acf9a6fe..8befb2fbc 100644
--- a/src/lib/tls/tls_extensions.cpp
+++ b/src/lib/tls/tls_extensions.cpp
@@ -274,22 +274,6 @@ std::string Supported_Elliptic_Curves::curve_id_to_name(u16bit id)
{
switch(id)
{
- case 15:
- return "secp160k1";
- case 16:
- return "secp160r1";
- case 17:
- return "secp160r2";
- case 18:
- return "secp192k1";
- case 19:
- return "secp192r1";
- case 20:
- return "secp224k1";
- case 21:
- return "secp224r1";
- case 22:
- return "secp256k1";
case 23:
return "secp256r1";
case 24:
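Review bot: With cases 15–22 deleted, curve ids 15–22 offered by a peer now take the switch's default path, which lies outside this hunk, and nothing in the remaining cases records that the omission is deliberate rather than an oversight. A short comment before `case 23:` would keep a future maintainer from re-adding them as a "missing" mapping: `// ids 15-22 (secp160*/secp192*/secp224*/secp256k1) are intentionally unmapped and fall through to the unsupported default`. The function's closing default return is beyond the hunk, so confirm it yields the value the caller treats as "not supported" rather than throwing on a peer-supplied id.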
@@ -309,22 +293,6 @@ std::string Supported_Elliptic_Curves::curve_id_to_name(u16bit id)
u16bit Supported_Elliptic_Curves::name_to_curve_id(const std::string& name)
{
- if(name == "secp160k1")
- return 15;
- if(name == "secp160r1")
- return 16;
- if(name == "secp160r2")
- return 17;
- if(name == "secp192k1")
- return 18;
- if(name == "secp192r1")
- return 19;
- if(name == "secp224k1")
- return 20;
- if(name == "secp224r1")
- return 21;
- if(name == "secp256k1")
- return 22;
if(name == "secp256r1")
return 23;
if(name == "secp384r1")
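Review bot: A Policy that still names one of the removed curves ("secp256k1", "secp224r1", …) in allowed_ecc_curves now silently gets whatever name_to_curve_id returns for an unrecognised name instead of an error, and that fallback is outside this hunk. Since the manual hunk in this same change says policy settings can be loaded from a file, a stale configuration would quietly lose curves rather than fail loudly; consider having the caller reject or log unknown curve names, or at least document the fallback at the top of the function, e.g. `// Names dropped from the supported set (secp160*/secp192*/secp224*/secp256k1) deliberately take the unknown-name path below`. The body of name_to_curve_id continues past the end of this hunk.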
@@ -385,14 +353,13 @@ std::string Signature_Algorithms::hash_algo_name(byte code)
{
switch(code)
{
- case 1:
- return "MD5";
// code 1 is MD5 - ignore it
case 2:
return "SHA-1";
- case 3:
- return "SHA-224";
+
+ // code 3 is SHA-224
+
case 4:
return "SHA-256";
case 5:
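Review bot: The two placeholder comments left in the switch are inconsistent: `// code 1 is MD5 - ignore it` gives a reason, while the new `// code 3 is SHA-224` does not, and the blank lines inserted around it break the otherwise compact case list. Make them parallel and state the intent once, e.g. `// codes 1 (MD5) and 3 (SHA-224) are deliberately unsupported and fall through to the default` placed before `case 2:`, and drop the two added blank lines. The default branch of hash_algo_name is outside this hunk; it should map these codes to a value the caller skips rather than to a name that could be passed to a hash lookup.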
@@ -406,15 +373,9 @@ std::string Signature_Algorithms::hash_algo_name(byte code)
byte Signature_Algorithms::hash_algo_code(const std::string& name)
{
- if(name == "MD5")
- return 1;
-
if(name == "SHA-1")
return 2;
- if(name == "SHA-224")
- return 3;
-
if(name == "SHA-256")
return 4;
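Review bot: Removing the "MD5" and "SHA-224" branches means a policy that still lists either name in allowed_signature_hashes now reaches hash_algo_code's fallback return, which lies outside this hunk, and that fallback value could presumably end up serialized into the signature_algorithms extension if callers do not filter it. Confirm the fallback is a value the serializer drops (or that unknown names are rejected when the policy is read), and record it at the top of the function: `// Unrecognised names (including the retired MD5 and SHA-224) take the fallback below; callers must not emit it on the wire`. The function's remaining branches continue past the end of this hunk.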
diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index f88860a71..10b193215 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -44,9 +44,7 @@ std::vector<std::string> Policy::allowed_signature_hashes() const
"SHA-512",
"SHA-384",
"SHA-256",
- //"SHA-224",
//"SHA-1",
- //"MD5",
};
}
@@ -57,7 +55,6 @@ std::vector<std::string> Policy::allowed_macs() const
"SHA-384",
"SHA-256",
"SHA-1",
- //"MD5",
};
}
@@ -98,14 +95,6 @@ std::vector<std::string> Policy::allowed_ecc_curves() const
"secp384r1",
"brainpool256r1",
"secp256r1",
- //"secp256k1",
- //"secp224r1",
- //"secp224k1",
- //"secp192r1",
- //"secp192k1",
- //"secp160r2",
- //"secp160r1",
- //"secp160k1",
};
}