| Commit message (Collapse) | Author | Age | Files | Lines |
| |
This introduces a priority string option to force encrypt-then-mac
during negotiation, to prevent negotiating the legacy CBC ciphersuites.
Resolves #472
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
| |
They are not required for TLS 1.3, and are deprecated for TLS 1.2.
We eliminate them in order to reduce the complexity in the record
packet handling.
Resolves #212
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
This allows performing a verification with only SHA1 allowed
from the broken algorithms. This can be used to fine-tune
verification in case default verification fails, to detect
whether the failed algorithm was SHA1.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
This allows enabling broken signature algorithms in certificate verification.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
| |
This allows clients to enable the TLS_FALLBACK_SCSV mechanism during
the handshake, as defined in RFC7507.
| |
master secret extension
| |
It implements a revised version of RFC7366, to avoid interoperability
issues: http://www.ietf.org/mail-archive/web/tls/current/msg14349.html
This is currently enabled by default, unless %NO_ETM, or %COMPAT
is specified.
| |
This is implied by the priority string PFS.
| |
This profile corresponds to a 64-bit security level (e.g., RSA
parameters of 768 bits).
| |
This will disable any wildcard matching when comparing hostnames
in certificates.
| |
This extension did not get accepted by IETF so it is
now being removed. The gnutls_range API is kept in case
length hiding is implemented in a different way at some
point.
| |
That was done to avoid confusion with the NORMAL priority string.
Also when setting a PROFILE explicitly as priority string the
session security level is adjusted accordingly.