extend the list of available ciphers to include most of the
openssl "HIGH" with some additional disables. retain the current list of bad options. should deal with PR#51278.
This commit is contained in:
parent
19f4060684
commit
876508f642
|
@ -1,8 +1,11 @@
|
|||
$NetBSD: CHANGES,v 1.50 2021/08/24 09:47:36 mrg Exp $
|
||||
$NetBSD: CHANGES,v 1.51 2021/08/24 09:53:26 mrg Exp $
|
||||
|
||||
changes in bozohttpd 20210824:
|
||||
o new "-m tlsversion" option to set the minimum TLS version
|
||||
available. partially from <sunil@nimmagadda.net>.
|
||||
o extend the list of available ciphers to include most of the
|
||||
openssl "HIGH" with some additional disables. retain the current
|
||||
list of bad options. should deal with PR#51278.
|
||||
|
||||
changes in bozohttpd 20210504:
|
||||
o don't assume host BUFSIZ is sufficent. small BUFSIZ leads to
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $NetBSD: ssl-bozo.c,v 1.30 2021/08/24 09:47:36 mrg Exp $ */
|
||||
/* $NetBSD: ssl-bozo.c,v 1.31 2021/08/24 09:53:26 mrg Exp $ */
|
||||
|
||||
/* $eterna: ssl-bozo.c,v 1.15 2011/11/18 09:21:15 mrg Exp $ */
|
||||
|
||||
|
@ -51,10 +51,15 @@
|
|||
|
||||
#ifndef BOZO_SSL_CIPHERS
|
||||
#define BOZO_SSL_CIPHERS \
|
||||
"AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:" \
|
||||
"AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:" \
|
||||
"AES:" \
|
||||
"-SHA:" \
|
||||
"HIGH:" \
|
||||
"-SHA:-ADH:" \
|
||||
"-PSK-AES128-CCM:-PSK-AES256-CCM:" \
|
||||
"-DHE-PSK-AES128-CCM8:-DHE-PSK-AES256-CCM8:" \
|
||||
"-AES128-CCM8:-AES256-CCM8:" \
|
||||
"-DHE-RSA-AES128-CCM8:-DHE-RSA-AES256-CCM8:" \
|
||||
"-PSK-AES128-CCM8:-PSK-AES256-CCM8:" \
|
||||
"-CAMELLIA128:-CAMELLIA256:" \
|
||||
"-RSA-PSK-CHACHA20-POLY1305:" \
|
||||
"!aNULL:!eNULL:" \
|
||||
"!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:" \
|
||||
"!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:" \
|
||||
|
|
Loading…
Reference in New Issue