author: Eneas U de Queiroz <cotequeiroz@gmail.com> 2019-08-05 17:07:48 -0300
committer: Hauke Mehrtens <hauke@hauke-m.de> 2019-08-17 15:38:33 +0200
commit: e8f9c22d02fccde1d992f324280fb9966d3b4be6 (patch)
tree: 6b98c34ff8d8c07b049fdbf56937a3324923460a /CMakeLists.txt
parent: 7e9e269312ac67ce9706120f91739aeff73e2701 (diff)
download: ustream-ssl-e8f9c22d02fccde1d992f324280fb9966d3b4be6.tar.gz
Revise supported ciphersuites
CBC ciphersuites have been under scrutiny because of the many padding oracle vulnerabilities that keep popping up; it seems that we won't be able to patch up the inherent weakness of MAC-then-encrypt forever. They have been blacklisted by HTTP/2, and recently dropped from Mozilla's Security/Serverside TLS intermediate compatibility list: https://wiki.mozilla.org/Security/Server_Side_TLS

This commit removes ECDSA-CBC ciphersuites. Basically, you can choose a level of ciphersuite security, using the private-key type as a switch: For RSA keys, CBC and RSA-key exchange ciphers will be enabled--mostly matching Mozilla's Old backward compatibility list. If you use an EC private key, then only ephemeral-key, authenticated ciphers will be used, along the lines of what Mozilla's Intermediate compatibility list prescribes.

The order does not match Mozilla's list 100% because in most embedded systems, the server is going to be the least-capable machine. So, chacha20-poly1305 is moved ahead of AES, and the cipher preference is always given to the server. Also, DHE ciphers are not used for server.

The client list had the order changed to prioritize authenticated ciphers, so DHE-chacha and DHE-GCM were moved ahead of ECDHE-CBC.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
Diffstat (limited to 'CMakeLists.txt')
0 files changed, 0 insertions, 0 deletions