summaryrefslogtreecommitdiff
path: root/lib/priority_options.gperf
Commit message (Collapse)AuthorAgeFilesLines
* priorities: introduced %FORCE_ETMtmp-measure-recordNikos Mavrogiannopoulos2018-06-121-0/+1
| | | | | | | | | This introduces a priority string option to force encrypt-then-mac during negotiation, to prevent negotiating the legacy CBC ciphersuites. Resolves #472 Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* priority_options.gperf: modified for gperf 3.1Nikos Mavrogiannopoulos2017-07-061-1/+0
| | | | Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Removed support for compression mechanismsNikos Mavrogiannopoulos2017-06-221-1/+1
| | | | | | | | | | They are not required for TLS 1.3, and are deprecated for TLS 1.2. We eliminate them in order to reduce the complexity in the record packet handling. Resolves #212 Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Introduced flag GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1Nikos Mavrogiannopoulos2017-03-161-0/+1
| | | | | | | | | This allows performing a verification with only SHA1 allowed from the broken algorithms. This can be used to fine-tune verification in case default verification fails, to detect whether the failed algorithm was SHA1. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Introduced the %VERIFY_ALLOW_BROKEN priority string optionNikos Mavrogiannopoulos2017-03-161-0/+1
| | | | | | This allows enabling broken signature algorithms in certificate verification. Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* priorities: Added internal option to allow key usage violations in server sideNikos Mavrogiannopoulos2015-08-141-0/+1
|
* handshake: add FALLBACK_SCSV priority optionAlessandro Ghedini2015-08-011-0/+1
| | | | | This allows clients to enable the TLS_FALLBACK_SCSV mechanism during the handshake, as defined in RFC7507.
* Added priority string %NO_SESSION_HASH to prevent advertising the extended ↵Nikos Mavrogiannopoulos2014-11-131-0/+1
| | | | master secret extension
* Added support for RFC7366 (encrypt then authenticate)Nikos Mavrogiannopoulos2014-11-031-0/+1
| | | | | | | It implements a revised version of RFC7366, to avoid interoperability issues: http://www.ietf.org/mail-archive/web/tls/current/msg14349.html This is currently enabled by default, unless %NO_ETM, or %COMPAT is specified.
* Added priority string %NO_TICKETS that disables session ticket supportNikos Mavrogiannopoulos2014-10-241-0/+1
| | | | This is implied by the priority string PFS.
* Added the 'very weak' certificate verification profile.Nikos Mavrogiannopoulos2014-05-051-0/+1
| | | | | This profile corresponds to a 64-bit security level (e.g., RSA parameters of 768 bits).
* Added priority string %DISABLE_WILDCARDS.Nikos Mavrogiannopoulos2014-04-021-0/+1
| | | | | This will disable any wildcard matching when comparing hostnames in certificates.
* NEW_PADDING has been removed.Nikos Mavrogiannopoulos2014-03-051-1/+1
| | | | | | | This extension did not get accepted by IETF so it is now being removed. The gnutls_range API is kept in case length hiding is implemented in a different way at some point.
* priority string flag VERIFY_ALLOW_X509_V1_CA_CRT is now a dummyNikos Mavrogiannopoulos2014-02-181-1/+1
|
* GNUTLS_SEC_PARAM_NORMAL was renamed to GNUTLS_SEC_PARAM_MEDIUMNikos Mavrogiannopoulos2014-01-141-1/+1
| | | | | | That was done to avoid confusion with the NORMAL priority string. Also when setting a PROFILE explicitly as priority string the session security level is adjusted accordingly.
* Use gperf to find priority string options.Nikos Mavrogiannopoulos2014-01-131-0/+30
View Lorry Controller Status