Move RC4 ciphersuites down the list
parent
8eab8d368b
commit
c16f4e1f78
@ -13,6 +13,7 @@ Changes
|
|||||||
* Debug module only outputs full lines instead of parts
|
* Debug module only outputs full lines instead of parts
|
||||||
* Better support for the different Attribute Types from IETF PKIX (RFC 5280)
|
* Better support for the different Attribute Types from IETF PKIX (RFC 5280)
|
||||||
* AES-NI now compiles with "old" assemblers too
|
* AES-NI now compiles with "old" assemblers too
|
||||||
|
* Ciphersuites based on RC4 now have the lowest priority by default
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Only iterate over actual certificates in ssl_write_certificate_request()
|
* Only iterate over actual certificates in ssl_write_certificate_request()
|
||||||
|
@ -42,11 +42,11 @@
|
|||||||
/*
|
/*
|
||||||
* Ordered from most preferred to least preferred in terms of security.
|
* Ordered from most preferred to least preferred in terms of security.
|
||||||
*
|
*
|
||||||
* Current rule (except weak and null which come last):
|
* Current rule (except rc4, weak and null which come last):
|
||||||
* 1. By key exchange:
|
* 1. By key exchange:
|
||||||
* Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK
|
* Forward-secure non-PSK > forward-secure PSK > other non-PSK > other PSK
|
||||||
* 2. By key length and cipher:
|
* 2. By key length and cipher:
|
||||||
* AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES > RC4
|
* AES-256 > Camellia-256 > AES-128 > Camellia-128 > 3DES
|
||||||
* 3. By cipher mode when relevant GCM > CBC
|
* 3. By cipher mode when relevant GCM > CBC
|
||||||
* 4. By hash function used
|
* 4. By hash function used
|
||||||
* 5. By key exchange/auth again: EC > non-EC
|
* 5. By key exchange/auth again: EC > non-EC
|
||||||
@ -97,8 +97,6 @@ static const int ciphersuite_preference[] =
|
|||||||
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
|
||||||
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
|
||||||
|
|
||||||
/* The PSK ephemeral suites */
|
/* The PSK ephemeral suites */
|
||||||
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
|
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
|
||||||
@ -121,8 +119,6 @@ static const int ciphersuite_preference[] =
|
|||||||
|
|
||||||
TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_ECDHE_PSK_WITH_RC4_128_SHA,
|
|
||||||
TLS_DHE_PSK_WITH_RC4_128_SHA,
|
|
||||||
|
|
||||||
/* All AES-256 suites */
|
/* All AES-256 suites */
|
||||||
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||||
@ -166,12 +162,8 @@ static const int ciphersuite_preference[] =
|
|||||||
|
|
||||||
/* All remaining >= 128-bit suites */
|
/* All remaining >= 128-bit suites */
|
||||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_RSA_WITH_RC4_128_SHA,
|
|
||||||
TLS_RSA_WITH_RC4_128_MD5,
|
|
||||||
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_ECDH_RSA_WITH_RC4_128_SHA,
|
|
||||||
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
|
|
||||||
|
|
||||||
/* The RSA PSK suites */
|
/* The RSA PSK suites */
|
||||||
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
|
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384,
|
||||||
@ -187,7 +179,6 @@ static const int ciphersuite_preference[] =
|
|||||||
TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
|
|
||||||
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
|
TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||||
TLS_RSA_PSK_WITH_RC4_128_SHA,
|
|
||||||
|
|
||||||
/* The PSK suites */
|
/* The PSK suites */
|
||||||
TLS_PSK_WITH_AES_256_GCM_SHA384,
|
TLS_PSK_WITH_AES_256_GCM_SHA384,
|
||||||
@ -203,6 +194,17 @@ static const int ciphersuite_preference[] =
|
|||||||
TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256,
|
||||||
|
|
||||||
TLS_PSK_WITH_3DES_EDE_CBC_SHA,
|
TLS_PSK_WITH_3DES_EDE_CBC_SHA,
|
||||||
|
|
||||||
|
/* RC4 suites */
|
||||||
|
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
||||||
|
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
||||||
|
TLS_ECDHE_PSK_WITH_RC4_128_SHA,
|
||||||
|
TLS_DHE_PSK_WITH_RC4_128_SHA,
|
||||||
|
TLS_RSA_WITH_RC4_128_SHA,
|
||||||
|
TLS_RSA_WITH_RC4_128_MD5,
|
||||||
|
TLS_ECDH_RSA_WITH_RC4_128_SHA,
|
||||||
|
TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
|
||||||
|
TLS_RSA_PSK_WITH_RC4_128_SHA,
|
||||||
TLS_PSK_WITH_RC4_128_SHA,
|
TLS_PSK_WITH_RC4_128_SHA,
|
||||||
|
|
||||||
/* Weak suites */
|
/* Weak suites */
|
||||||
|
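Review bot: The new `/* RC4 suites */` group in `ciphersuite_preference[]` does not say why these suites are set apart, and the move only lowers their preference: they remain in the default list, so RC4 can still be negotiated when the peer supports nothing ranked higher. On the client side the order is only a hint, because the server makes the final choice. I would state that in the comment, e.g. `/* RC4 suites: deprioritised because of known keystream biases, NOT disabled; configure an explicit suite list to refuse RC4 */`. The ChangeLog entry says RC4 now has "the lowest priority by default", but the group sits above `/* Weak suites */`, so wording such as "lowest priority among the non-weak suites" would match both the code and the updated header comment ("except rc4, weak and null which come last"). The array definition starts and ends outside the hunks shown, so any build-time guard around these entries is not visible here.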