Reverted the "Revert "!SSLv3 damn it"" commit.

Damn... I threw out too much. This was a decision on 7.7.

This reverts commit ab51c68aa63dea11cc1e019e68c3bb8917da891f.

diff --git a/src/common/cipherStringB.tex b/src/common/cipherStringB.tex
index b1c122d..9ff5714 100644 (file)
--- a/src/common/cipherStringB.tex
+++ b/src/common/cipherStringB.tex
@@ -1 +1,8 @@
-\seqsplit{EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA}
+%\seqsplit{EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA}
+%% new version based on the discussions on the mailing list:
+% Changes:
+% 2014/07/07  - order by cipher strenght and not by HMAC lenght
+%             - also see the discussion on http://lists.cert.at/pipermail/ach/2014-June/001454.html
+%             The idea was to remove AES256 and CAMMELIA 256 and also SHA384
+\seqsplit{EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:!SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA}
+