Reverted the "Revert "!SSLv3 damn it"" commit.
authorAaron Kaplan <aaron@lo-res.org>
Fri, 17 Oct 2014 12:27:38 +0000 (14:27 +0200)
committerAaron Kaplan <aaron@lo-res.org>
Fri, 17 Oct 2014 12:27:38 +0000 (14:27 +0200)
Damn... I threw out too much. This was a decision on 7.7.

This reverts commit ab51c68aa63dea11cc1e019e68c3bb8917da891f.

src/common/cipherStringB.tex

index b1c122d..9ff5714 100644 (file)
@@ -1 +1,8 @@
-\seqsplit{EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA}
+%\seqsplit{EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA}
+%% new version based on the discussions on the mailing list:
+% Changes:
+% 2014/07/07  - order by cipher strenght and not by HMAC lenght
+%             - also see the discussion on http://lists.cert.at/pipermail/ach/2014-June/001454.html
+%             The idea was to remove AES256 and CAMMELIA 256 and also SHA384
+\seqsplit{EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:!SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA}
+