authorNikos Mavrogiannopoulos <nmav@redhat.com>2016-08-10 11:56:07 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2016-08-10 16:56:17 +0200
commitd47d159c58e4e92c2b4abc52ace05dc79b3e0f1f (patch)
tree1d3d313fcb0edc237ba685b1747b7f29fd006546
parentaf04609394019b38764d436a34a44f0862004cab (diff)
downloadgnutls-d47d159c58e4e92c2b4abc52ace05dc79b3e0f1f.tar.gz
ARCFOUR-128 is prioritized lower than any other cipher
It is also removed from the secure set of ciphers.
-rw-r--r--NEWS3
-rw-r--r--lib/gnutls_priority.c16
2 files changed, 11 insertions, 8 deletions
diff --git a/NEWS b/NEWS
index 648bec257c..1cc24b6cb8 100644
--- a/NEWS
+++ b/NEWS
@@ -34,6 +34,9 @@ Version 2.12.24 (unreleased)
** libgnutls: Removed support for EXPORT ciphersuites. The EXPORT priority
string becomes and alias to NORMAL.
+** libgnutls: ARCFOUR-128 was prioritized lower than any other cipher. Was
+ removed from the algorithms when the SECURE priority string is specified.
+
** libgnutls: Do not call the post client hello callback twice when resuming
using session tickets.
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index f2131b5747..74c6ea48dc 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -249,7 +249,6 @@ static const int kx_priority_secure[] = {
};
static const int cipher_priority_performance[] = {
- GNUTLS_CIPHER_ARCFOUR_128,
#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_CAMELLIA_128_CBC,
#endif
@@ -259,19 +258,20 @@ static const int cipher_priority_performance[] = {
#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_CAMELLIA_256_CBC,
#endif
- /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */
+ GNUTLS_CIPHER_3DES_CBC,
+ GNUTLS_CIPHER_ARCFOUR_128,
0
};
static const int cipher_priority_normal[] = {
- GNUTLS_CIPHER_AES_128_CBC,
-#ifdef ENABLE_CAMELLIA
- GNUTLS_CIPHER_CAMELLIA_128_CBC,
-#endif
GNUTLS_CIPHER_AES_256_CBC,
#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_CAMELLIA_256_CBC,
#endif
+ GNUTLS_CIPHER_AES_128_CBC,
+#ifdef ENABLE_CAMELLIA
+ GNUTLS_CIPHER_CAMELLIA_128_CBC,
+#endif
GNUTLS_CIPHER_3DES_CBC,
GNUTLS_CIPHER_ARCFOUR_128,
/* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */
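Review bot: The reordering in cipher_priority_normal moves AES-256 and Camellia-256 ahead of their 128-bit variants, which changes what the NORMAL priority string prefers, yet neither the commit message nor the NEWS entry mentions it; a NEWS line such as `** libgnutls: NORMAL now prefers 256-bit ciphers over 128-bit ones.` would document it. In cipher_priority_performance the added `GNUTLS_CIPHER_3DES_CBC` should be checked against the entries between the first two hunks, which are not shown here, so that the list does not end up naming 3DES twice. ARCFOUR-128 stays in both the PERFORMANCE and NORMAL lists, so being last lowers its preference but does not stop it from being selected; a comment next to it such as `/* legacy interop only: keep last, never add to the SECURE lists */` would record the intent. cipher_priority_performance begins before this hunk and cipher_priority_normal continues past it.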
@@ -280,11 +280,12 @@ static const int cipher_priority_normal[] = {
static const int cipher_priority_secure128[] = {
GNUTLS_CIPHER_AES_128_CBC,
+ GNUTLS_CIPHER_AES_256_CBC,
#ifdef ENABLE_CAMELLIA
GNUTLS_CIPHER_CAMELLIA_128_CBC,
+ GNUTLS_CIPHER_CAMELLIA_256_CBC,
#endif
GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
/* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */
0
};
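Review bot: cipher_priority_secure128 now also lists `GNUTLS_CIPHER_AES_256_CBC` and `GNUTLS_CIPHER_CAMELLIA_256_CBC`, so the array name no longer describes its contents, and the commit message does not mention the addition. A header comment above the array such as `/* 128-bit and stronger ciphers, 128-bit listed first; RC4 deliberately excluded */` would document the new meaning. The existing marker comment could be extended to `/* GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */` so the removal is not reverted by accident; the same applies to cipher_priority_secure256 in the next hunk. `GNUTLS_CIPHER_3DES_CBC` remains in this set although its effective strength is usually rated below 128 bits, which may deserve a follow-up.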
@@ -300,7 +301,6 @@ static const int cipher_priority_secure256[] = {
GNUTLS_CIPHER_CAMELLIA_128_CBC,
#endif
GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_128,
/* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */
0
};