OpenSSL: TLSv1.3 notes

author: Jeremy Harris <jgh146exb@wizmail.org> 2018-06-20 20:28:54 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2018-06-20 20:57:02 +0100
commit: 0c3807a8165cbc982f330831a429571f2ff7beec (patch)
tree: 9e94cf56b9238336d99385b196090df791dee100 /src/src/tls-openssl.c
parent: 7a8b95190c22a8176c583985a41beb3e9ae831cd (diff)
download: exim4-0c3807a8165cbc982f330831a429571f2ff7beec.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 7e6524dbd..e7bba0221 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1999,6 +1999,10 @@ if (!expand_check(require_ciphers, US"tls_require_ciphers", &expciphers, errstr)
 /* In OpenSSL, cipher components are separated by hyphens. In GnuTLS, they
 were historically separated by underscores. So that I can use either form in my
 tests, and also for general convenience, we turn underscores into hyphens here.
+
+XXX SSL_CTX_set_cipher_list() is replaced by SSL_CTX_set_ciphersuites()
+for TLS 1.3 .  Since we do not call it at present we get the default list:
+TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
 */
 
 if (expciphers)
author	Jeremy Harris <jgh146exb@wizmail.org>	2018-06-20 20:28:54 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2018-06-20 20:57:02 +0100
commit	0c3807a8165cbc982f330831a429571f2ff7beec (patch)
tree	9e94cf56b9238336d99385b196090df791dee100 /src/src/tls-openssl.c
parent	7a8b95190c22a8176c583985a41beb3e9ae831cd (diff)
download	exim4-0c3807a8165cbc982f330831a429571f2ff7beec.tar.gz