From f70a9de37d22282d8cca465632efd0044ab9008c Mon Sep 17 00:00:00 2001
From: Jack Lloyd <lloyd@randombit.net>
Date: Thu, 17 Mar 2016 15:32:08 -0400
Subject: Remove support for TLS v1.2 MD5 and SHA-224 signatures.

Remove support for weak ECC curves (anything under P-256) from TLS.
This includes secp256k1 since we don't take advantage of the special
form for any performance advantage; might as well use P-256.

The manual still mentioned that it was possible to use MD5 in
Policy::allowed_macs, but all HMAC-MD5 suites are already removed.
---
 src/lib/tls/tls_policy.cpp | 11 -----------
 1 file changed, 11 deletions(-)

(limited to 'src/lib/tls/tls_policy.cpp')

diff --git a/src/lib/tls/tls_policy.cpp b/src/lib/tls/tls_policy.cpp
index f88860a71..10b193215 100644
--- a/src/lib/tls/tls_policy.cpp
+++ b/src/lib/tls/tls_policy.cpp
@@ -44,9 +44,7 @@ std::vector<std::string> Policy::allowed_signature_hashes() const
       "SHA-512",
       "SHA-384",
       "SHA-256",
-      //"SHA-224",
       //"SHA-1",
-      //"MD5",
       };
    }
 
@@ -57,7 +55,6 @@ std::vector<std::string> Policy::allowed_macs() const
       "SHA-384",
       "SHA-256",
       "SHA-1",
-      //"MD5",
       };
    }
 
@@ -98,14 +95,6 @@ std::vector<std::string> Policy::allowed_ecc_curves() const
       "secp384r1",
       "brainpool256r1",
       "secp256r1",
-      //"secp256k1",
-      //"secp224r1",
-      //"secp224k1",
-      //"secp192r1",
-      //"secp192k1",
-      //"secp160r2",
-      //"secp160r1",
-      //"secp160k1",
       };
    }
 
-- 
cgit v1.2.3