From 74cf1686b727d9b41781df66f3f74d63b9c5cfe2 Mon Sep 17 00:00:00 2001
From: Jack Lloyd <jack@randombit.net>
Date: Wed, 16 Nov 2016 12:05:34 -0500
Subject: Add CECPQ1 TLS ciphersuites

Tested against BoringSSL (as client + server) and google.com (as client).

Fix a stupid crashing bug in NewHope's BoringSSL mode.

Remove unneeded error return from curve25519_donna - always returned 0.

Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which
means the default no-extra-configuration ciphersuite (for Botan client speaking
to Botan server) is a ciphersuite which is both implemented in constant time
on all platforms and (hopefully) provides post quantum security. Good Things.
---
 doc/manual/tls.rst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'doc')

diff --git a/doc/manual/tls.rst b/doc/manual/tls.rst
index 24dc5093a..973b8ff0f 100644
--- a/doc/manual/tls.rst
+++ b/doc/manual/tls.rst
@@ -522,7 +522,7 @@ policy settings from a file.
 
      Cipher names without an explicit mode refers to CBC+HMAC ciphersuites.
 
-     Default value: "AES-256/GCM", "AES-128/GCM", "ChaCha20Poly1305",
+     Default value: "ChaCha20Poly1305", "AES-256/GCM", "AES-128/GCM",
      "AES-256/CCM", "AES-128/CCM", "AES-256", "AES-128"
 
      Also allowed: "AES-256/CCM(8)", "AES-128/CCM(8)",
@@ -567,7 +567,7 @@ policy settings from a file.
      Returns the list of key exchange methods we are willing to use,
      in order of preference.
 
-     Default: "ECDH", "DH"
+     Default: "CECPQ1", "ECDH", "DH"
 
      Also allowed: "RSA", "SRP_SHA", "ECDHE_PSK", "DHE_PSK", "PSK"
 
-- 
cgit v1.2.3