diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-04-16 22:46:56 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2011-04-16 22:48:22 +0200 |
commit | 6fffdf51ce25f68c8b7fb370b222d6f923f650b3 (patch) | |
tree | 325f49ee543077f857b9a45de53d688dff5de867 | |
parent | f281fd1f00aded61de0176ee2a53c3bb46205096 (diff) | |
download | gnutls-6fffdf51ce25f68c8b7fb370b222d6f923f650b3.tar.gz |
Restored HMAC-MD5 for compatibility. Although considered weak, several sites require it for connection. It is enabled for "NORMAL" and "PERFORMANCE" priority strings.
-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | lib/gnutls_priority.c | 7 |
2 files changed, 8 insertions, 3 deletions
@@ -5,6 +5,10 @@ See the end for copying conditions. * Version 2.12.3 (unreleased) +* libgnutls: Restored HMAC-MD5 for compatibility. Although considered +weak, several sites require it for connection. It is enabled for +"NORMAL" and "PERFORMANCE" priority strings. + * libgnutls: depend on libdl. * libgnutls: gnutls_transport_set_global_errno() was deprecated. diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 2f35a84689..8f592070f2 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -355,9 +355,10 @@ static const int sign_priority_secure256[] = { 0 }; -static const int mac_priority_performance[] = { +static const int mac_priority_normal[] = { GNUTLS_MAC_SHA1, GNUTLS_MAC_SHA256, + GNUTLS_MAC_MD5, 0 }; @@ -573,7 +574,7 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, _set_priority (&(*priority_cache)->cipher, cipher_priority_performance); _set_priority (&(*priority_cache)->kx, kx_priority_performance); - _set_priority (&(*priority_cache)->mac, mac_priority_performance); + _set_priority (&(*priority_cache)->mac, mac_priority_normal); _set_priority (&(*priority_cache)->sign_algo, sign_priority_default); } @@ -581,7 +582,7 @@ gnutls_priority_init (gnutls_priority_t * priority_cache, { _set_priority (&(*priority_cache)->cipher, cipher_priority_normal); _set_priority (&(*priority_cache)->kx, kx_priority_secure); - _set_priority (&(*priority_cache)->mac, mac_priority_secure); + _set_priority (&(*priority_cache)->mac, mac_priority_normal); _set_priority (&(*priority_cache)->sign_algo, sign_priority_default); } |