author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-09-08 21:47:54 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2017-09-08 21:53:15 +0200 |
commit | db9e36efb66b27a2fc8a9400df50c61ac5894630 (patch) | |
tree | 1ab8078bd0450db876344849b9d64e3f96cb8028 | |
parent | 988709210807db0547bcf0c05315bcce17e4cabe (diff) | |
Removed the camellia GCM ciphersuites from the default priority sets.tmp-gnutls_3_5_x_remove_camellia_gcm
There are already the CCM and CHACHA20-POLY1305 ciphersuites as AES-GCM backup,
and the camellia-gcm ciphersuites are not widespread enough to justify keeping them.
That way we reduce the number of ciphersuites sent to 49, and allow connections
to a few broken servers which require a low number of ciphersuites.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
-rw-r--r-- | NEWS | 6 | ||||
-rw-r--r-- | lib/priority.c | 9 |
2 files changed, 6 insertions, 9 deletions
@@ -10,6 +10,12 @@ See the end for copying conditions. ** libgnutls: Fixed interoperability issue with openssl when safe renegotiation was used. Resolves gitlab issue #259. +** libgnutls: Removed the camellia GCM ciphersuites from the default priority sets. + There are already the CCM and CHACHA20-POLY1305 ciphersuites as AES-GCM backup, + and the camellia-gcm ciphersuites are not widespread to justify keeping them. + That way we reduce the number of the ciphersuites sent to 49, and allow connections + to few broken servers which require a low number of ciphersuites. + ** p11tool: The options --set-pin and --set-so-pin can be used with all operations not only with --initialize. diff --git a/lib/priority.c b/lib/priority.c index 15d7073ed3..e46b2f6138 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -238,8 +238,6 @@ static const int _cipher_priority_performance_default[] = { GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_CIPHER_AES_128_CCM, GNUTLS_CIPHER_AES_256_CCM, - GNUTLS_CIPHER_CAMELLIA_128_GCM, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_CAMELLIA_128_CBC, @@ -254,8 +252,6 @@ static const int _cipher_priority_performance_no_aesni[] = { GNUTLS_CIPHER_AES_256_GCM, GNUTLS_CIPHER_AES_128_CCM, GNUTLS_CIPHER_AES_256_CCM, - GNUTLS_CIPHER_CAMELLIA_128_GCM, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_CAMELLIA_128_CBC, @@ -271,7 +267,6 @@ static const int _cipher_priority_performance_no_aesni[] = { */ static const int _cipher_priority_normal_default[] = { GNUTLS_CIPHER_AES_256_GCM, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_CIPHER_AES_256_CCM, @@ -279,7 +274,6 @@ static const int _cipher_priority_normal_default[] = { GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_CIPHER_AES_128_GCM, - GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_CIPHER_AES_128_CCM, GNUTLS_CIPHER_AES_128_CBC, 
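Review bot: In `_cipher_priority_performance_default` the only Camellia entry left in the visible context after this removal is `GNUTLS_CIPHER_CAMELLIA_128_CBC`, so a peer that offers nothing but Camellia would now land on a CBC suite instead of an AEAD one; the same applies to the `_cipher_priority_performance_no_aesni` and `_cipher_priority_normal_default` hunks. Nothing in the arrays records that the omission is deliberate, so I would put a comment above each list, e.g. `/* Camellia-GCM is left out on purpose to keep the ClientHello small; from this list Camellia is reachable in CBC mode only */`. The NEWS entry could also state whether the suites remain available when named explicitly in a priority string, which this diff does not show. The array bodies continue outside the hunks.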
@@ -330,14 +324,12 @@ static const int* cipher_priority_suiteb192 = _cipher_priority_suiteb192; static const int _cipher_priority_secure128[] = { GNUTLS_CIPHER_AES_256_GCM, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_CIPHER_AES_256_CCM, GNUTLS_CIPHER_AES_128_GCM, - GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_CIPHER_AES_128_CCM, @@ -348,7 +340,6 @@ static const int *cipher_priority_secure128 = _cipher_priority_secure128; static const int _cipher_priority_secure192[] = { GNUTLS_CIPHER_AES_256_GCM, - GNUTLS_CIPHER_CAMELLIA_256_GCM, GNUTLS_CIPHER_CHACHA20_POLY1305, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_CAMELLIA_256_CBC, |
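Review bot: The commit message and the NEWS text speak of the default priority sets, but these hunks also take `GNUTLS_CIPHER_CAMELLIA_256_GCM` and `GNUTLS_CIPHER_CAMELLIA_128_GCM` out of `_cipher_priority_secure128`, and `GNUTLS_CIPHER_CAMELLIA_256_GCM` out of `_cipher_priority_secure192`. If those arrays back explicitly selected security levels, as their names suggest, users who chose such a level get a changed cipher list that the announcement does not clearly cover. I would widen the NEWS wording to name these lists and add a short comment at each array, e.g. `/* Camellia-GCM removed from all built-in lists, not only NORMAL/PERFORMANCE */`. The end of the `_cipher_priority_secure192` initializer lies outside the last hunk.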