Security framework.
Security callback: selects which parameters are permitted including sensible defaults based on bits of security. The "parameters" which can be selected include: ciphersuites, curves, key sizes, certificate signature algorithms, supported signature algorithms, DH parameters, SSL/TLS version, session tickets and compression. In some cases prohibiting the use of a parameters will mean they are not advertised to the peer: for example cipher suites and ECC curves. In other cases it will abort the handshake: e.g DH parameters or the peer key size. Documentation to follow...
This commit is contained in:
Dr. Stephen Henson
@@ -157,6 +157,11 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/* Default security level if not overriden at config time */
|
||||
#ifndef OPENSSL_TLS_SECURITY_LEVEL
|
||||
#define OPENSSL_TLS_SECURITY_LEVEL 1
|
||||
#endif
|
||||
|
||||
#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 0
|
||||
|
||||
#define TLS1_2_VERSION 0x0303
|
||||
|
||||
Reference in New Issue
Block a user