From 6d327f879c608908ca2c6b9b99f7fd74d498b4ef Mon Sep 17 00:00:00 2001
From: Christian Mainka
Date: Tue, 3 May 2016 16:41:18 +0200
Subject: TLS Policy support
* --policy works for TLS Server and TLS Client
* Example policy BSI_TR-02102-2.txt
* Fine granular configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2
* Minimum ecdh and rsa group size
---
tls-policy/BSI_TR-02102-2.txt | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 tls-policy/BSI_TR-02102-2.txt
(limited to 'tls-policy')
diff --git a/tls-policy/BSI_TR-02102-2.txt b/tls-policy/BSI_TR-02102-2.txt
new file mode 100644
index 000000000..bdc844b46
--- /dev/null
+++ b/tls-policy/BSI_TR-02102-2.txt
@@ -0,0 +1,20 @@
+allow_tls10=false
+allow_tls11=false
+allow_tls12=true
+allow_dtls10=false
+allow_dtls12=false
+
+ciphers=AES-256/GCM AES-128/GCM AES-256 AES-128
+signature_hashes=SHA-384 SHA-256
+macs=AEAD SHA-384 SHA-256
+key_exchange_methods=ECDH DH ECDHE_PSK DHE_PSK ECDH_PSK
+signature_methods=ECDSA RSA DSA
+ecc_curves=brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1
+minimum_dh_group_size=2000
+minimum_ecdh_group_size=250
+minimum_rsa_bits=2000
+ecc_curves=brainpool512r1 brainpool384r1 brainpool256r1
+
+allow_insecure_renegotiation=false
+allow_server_initiated_renegotiation=true
+server_uses_own_ciphersuite_preferences=true
--
cgit v1.2.3
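Review bot: `ecc_curves` is assigned twice in the new policy file, first as `brainpool512r1 brainpool384r1 brainpool256r1 secp384r1 secp256r1` and again after `minimum_rsa_bits=2000` with only the three brainpool curves. Which assignment takes effect depends on how the policy reader treats a repeated key, and that code is not part of this patch, so the file either permits or drops `secp384r1` and `secp256r1` without saying which was intended. Keep a single `ecc_curves=` line with the intended set and delete the other. A short comment at the top of the file naming the TR-02102-2 revision the values were taken from would let a later reader check the lists against the guideline.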