generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
openssl/ssl
History
Emilia Kasper a556f34220 Rework the default cipherlist. 
- Always prefer forward-secure handshakes.
 - Consistently order ECDSA above RSA.
 - Next, always prefer AEADs to non-AEADs, irrespective of strength.
 - Within AEADs, prefer GCM > CHACHA > CCM for a given strength.
 - Prefer TLS v1.2 ciphers to legacy ciphers.
 - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default
   list to reduce ClientHello bloat.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 16:53:42 +01:00
..
record
Remove unused parameters from internal functions
2016-02-22 13:39:44 -05:00
statem
Adds CT validation to SSL connections
2016-03-04 10:50:10 -05:00
bio_ssl.c
Remove /* foo.c */ comments
2016-01-26 16:40:43 -05:00
build.info
Update build.info files for auto-init/de-init
2016-02-09 15:11:38 +00:00
d1_lib.c
Remove unused parameters from internal functions
2016-02-22 13:39:44 -05:00
d1_msg.c
Remove /* foo.c */ comments
2016-01-26 16:40:43 -05:00
d1_srtp.c
Add new DTLS-SRTP protection profiles from RFC 7714
2016-02-04 22:52:21 +00:00
Makefile.in
Always build library object files with shared library cflags
2016-02-20 16:51:31 +01:00
methods.c
Remove /* foo.c */ comments
2016-01-26 16:40:43 -05:00
packet_locl.h
Refactor ClientHello extension parsing
2016-03-03 13:53:26 +01:00
pqueue.c
Remove /* foo.c */ comments
2016-01-26 16:40:43 -05:00
s3_cbc.c
Remove /* foo.c */ comments
2016-01-26 16:40:43 -05:00
s3_enc.c
Refactor ClientHello extension parsing
2016-03-03 13:53:26 +01:00
s3_lib.c
Rework the default cipherlist.
2016-03-07 16:53:42 +01:00
s3_msg.c
Remove /* foo.c */ comments
2016-01-26 16:40:43 -05:00
ssl_asn1.c
Remove /* foo.c */ comments
2016-01-26 16:40:43 -05:00
ssl_cert.c
Fix MacOS/X build warnings
2016-02-11 13:53:39 -05:00
ssl_ciph.c
Rework the default cipherlist.
2016-03-07 16:53:42 +01:00
ssl_conf.c
Remove outdated DEBUG flags.
2016-02-18 17:14:50 -05:00
ssl_err.c
Adds CT validation to SSL connections
2016-03-04 10:50:10 -05:00
ssl_init.c
Hide OPENSSL_INIT_SETTINGS.
2016-02-11 08:43:46 -05:00
ssl_lib.c
Adds CT validation to SSL connections
2016-03-04 10:50:10 -05:00
ssl_locl.h
Rework the default cipherlist.
2016-03-07 16:53:42 +01:00
ssl_mcnf.c
Remove /* foo.c */ comments
2016-01-26 16:40:43 -05:00
ssl_rsa.c
fix no-ec build
2016-03-03 13:27:34 +00:00
ssl_sess.c
Move to REF_DEBUG, for consistency.
2016-02-11 12:40:32 -05:00
ssl_stat.c
Remove /* foo.c */ comments
2016-01-26 16:40:43 -05:00
ssl_txt.c
Remove /* foo.c */ comments
2016-01-26 16:40:43 -05:00
ssl_utst.c
Fix build-break
2016-02-15 10:17:12 -05:00
t1_enc.c
Refactor ClientHello extension parsing
2016-03-03 13:53:26 +01:00
t1_ext.c
Adds CT validation to SSL connections
2016-03-04 10:50:10 -05:00
t1_lib.c
Adds CT validation to SSL connections
2016-03-04 10:50:10 -05:00
t1_reneg.c
Remove outdated DEBUG flags.
2016-02-18 17:14:50 -05:00
t1_trce.c
Adds CT validation to SSL connections
2016-03-04 10:50:10 -05:00
tls_srp.c
Remove /* foo.c */ comments
2016-01-26 16:40:43 -05:00