diff options
| author | Simon Josefsson <simon@josefsson.org> | 2007-02-06 14:26:58 +0000 |
|---|---|---|
| committer | Simon Josefsson <simon@josefsson.org> | 2007-02-06 14:26:58 +0000 |
| commit | 8ac7a33c44dc08dbc88021e948bc58f73976cd78 (patch) | |
| tree | 733ad304cadf7e841c33ed3a3f277a836a998639 /src | |
| parent | 43c013dfd95614a312828f13b9793fd928da90e7 (diff) | |
| download | gnutls-8ac7a33c44dc08dbc88021e948bc58f73976cd78.tar.gz | |
Modernize priorities.
Diffstat (limited to 'src')
| -rw-r--r-- | src/cli.c | 62 | ||||
| -rw-r--r-- | src/serv.c | 12 |
2 files changed, 53 insertions, 21 deletions
@@ -1,5 +1,5 @@ /* - * Copyright (C) 2004, 2005, 2006 Free Software Foundation + * Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation * Copyright (C) 2000,2001,2002,2003 Nikos Mavroyanopoulos * * This file is part of GNUTLS. @@ -88,23 +88,55 @@ static gnutls_psk_client_credentials_t psk_cred; static gnutls_anon_client_credentials_t anon_cred; static gnutls_certificate_credentials_t xcred; -int protocol_priority[PRI_MAX] = - { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 }; -int kx_priority[PRI_MAX] = - { GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, - GNUTLS_KX_SRP_RSA, GNUTLS_KX_SRP_DSS, GNUTLS_KX_SRP, GNUTLS_KX_PSK, +static int protocol_priority[PRI_MAX] = { + GNUTLS_TLS1_2, + GNUTLS_TLS1_1, + GNUTLS_TLS1_0, + GNUTLS_SSL3, + 0 +}; + +static int kx_priority[PRI_MAX] = { + GNUTLS_KX_SRP_RSA, + GNUTLS_KX_SRP_DSS, + GNUTLS_KX_SRP, + GNUTLS_KX_DHE_RSA, + GNUTLS_KX_DHE_DSS, + GNUTLS_KX_RSA, + GNUTLS_KX_PSK, /* Do not use anonymous authentication, unless you know what that means */ - GNUTLS_KX_RSA_EXPORT, GNUTLS_KX_ANON_DH, 0 + GNUTLS_KX_RSA_EXPORT, + GNUTLS_KX_ANON_DH, 0 }; -int cipher_priority[PRI_MAX] = - { GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_AES_128_CBC, - GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, - GNUTLS_CIPHER_ARCFOUR_40, 0 + +static int cipher_priority[PRI_MAX] = { + GNUTLS_CIPHER_AES_256_CBC, + GNUTLS_CIPHER_AES_128_CBC, + GNUTLS_CIPHER_3DES_CBC, + GNUTLS_CIPHER_ARCFOUR_128, + GNUTLS_CIPHER_ARCFOUR_40, + 0 +}; + +static int comp_priority[PRI_MAX] = { + GNUTLS_COMP_LZO, + GNUTLS_COMP_DEFLATE, + GNUTLS_COMP_NULL, + 0 +}; + +static int mac_priority[PRI_MAX] = { + GNUTLS_MAC_SHA1, + GNUTLS_MAC_MD5, + GNUTLS_MAC_RMD160, + 0 +}; + +static int cert_type_priority[PRI_MAX] = { + GNUTLS_CRT_OPENPGP, + GNUTLS_CRT_X509, + 0 }; -int comp_priority[PRI_MAX] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; -int mac_priority[PRI_MAX] = - { GNUTLS_MAC_SHA1, GNUTLS_MAC_MD5, GNUTLS_MAC_RMD160, 0 }; -int cert_type_priority[PRI_MAX] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; /* end of global stuff */ diff --git a/src/serv.c b/src/serv.c index 183745088b..b4211c479f 100644 --- a/src/serv.c +++ b/src/serv.c @@ -331,15 +331,15 @@ static int protocol_priority[PRI_MAX] = { }; static int kx_priority[PRI_MAX] = { + GNUTLS_KX_DHE_PSK, + GNUTLS_KX_PSK, + GNUTLS_KX_SRP_RSA, + GNUTLS_KX_SRP_DSS, + GNUTLS_KX_SRP, + GNUTLS_KX_DHE_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, - GNUTLS_KX_DHE_RSA, - GNUTLS_KX_SRP, - GNUTLS_KX_PSK, - GNUTLS_KX_DHE_PSK, /* Do not use anonymous authentication, unless you know what that means */ - GNUTLS_KX_SRP_DSS, - GNUTLS_KX_SRP_RSA, GNUTLS_KX_ANON_DH, GNUTLS_KX_RSA_EXPORT, 0 }; |