blob: 0c2e7f8c39cf12b63634e3847e131a2d3b0bd71b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
<required>
aes
serpent
threefish_512
chacha
sha2_32
sha2_64
blake2
skein
keccak
sha3
gcm
ocb
chacha20poly1305
kdf2
hkdf
cmac
hmac
poly1305
siphash
pbkdf2
bcrypt
# required for private key encryption
pbes2
ed25519
curve25519
ecdh
ecdsa
rsa
rfc6979
eme_oaep
emsa_pssr
emsa1
auto_rng
hmac_drbg
</required>
<if_available>
ffi
tls
prf_tls
newhope
ed25519
clmul_cpu
clmul_ssse3
locking_allocator
http_util # needed by x509 for OCSP online checks
aes_ni
aes_vperm
aes_armv8
aes_power8
serpent_simd
serpent_avx2
threefish_512_avx2
chacha_simd32
chacha_avx2
sha1_sse2
sha1_x86
sha1_armv8
sha2_32_x86
sha2_32_armv8
sha2_32_bmi2
sha2_64_bmi2
sha3_bmi2
simd
sessions_sql
certstor_sql
rdrand_rng
system_rng
# entropy sources
dev_random
proc_walk
rdrand
rdseed
win32_stats
</if_available>
<prohibited>
# Just say no to TLS 1.0
tls_cbc
cast128
cast256
des
gost_28147
idea
idea_sse2
kasumi
lion
misty1
rc4
seed
xtea
cbc_mac
x919_mac
# MD5 and SHA1 are broken but not prohibited. They are widely in use
# in non-crypto contexts and are required by TLS currently
md4
gost_3411
cfb
ofb
elgamal
gost_3410
emsa_x931
pbkdf1
prf_x942
passhash9
cryptobox
</prohibited>
|