Changeset facbb08 in mod_gnutls for src/gnutls_util.h


Ignore:
Timestamp:
Aug 12, 2020, 5:20:36 PM (5 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio
Children:
e080eef
Parents:
a66b5be
Message:

Update default priorities

This removes insecure and outdated things still included in the GnuTLS
priority set "NORMAL":

  • Plain RSA key exchange, which does not provide forward secrecy

Co-authored-by: Krista Karppinen <krista.celestia@…>

File:
1 edited

Legend:

Unmodified
Added
Removed
  • src/gnutls_util.h

    ra66b5be rfacbb08  
    11/*
    2  *  Copyright 2016-2019 Fiona Klute
     2 *  Copyright 2016-2020 Fiona Klute
    33 *
    44 *  Licensed under the Apache License, Version 2.0 (the "License");
     
    2727
    2828/** Default GnuTLS priority string for mod_gnutls */
    29 #define MGS_DEFAULT_PRIORITY "NORMAL"
     29#define MGS_DEFAULT_PRIORITY "NORMAL:-RSA:-VERS-TLS1.0:-VERS-TLS1.1"
    3030
    3131/** maximum allowed length of one header line */
Note: See TracChangeset for help on using the changeset viewer.