!SSLv3 damn it
authorAaron Kaplan <aaron@lo-res.org>
Fri, 17 Oct 2014 09:56:15 +0000 (11:56 +0200)
committerAaron Kaplan <aaron@lo-res.org>
Fri, 17 Oct 2014 09:56:15 +0000 (11:56 +0200)
src/common/cipherStringB.tex

index b1c122d..610c4bd 100644 (file)
@@ -1 +1,7 @@
-\seqsplit{EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA}
+%\seqsplit{EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:!SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA}
+%% new version based on the discussions on the mailing list:
+% Changes:
+% 2014/07/07  - order by cipher strenght and not by HMAC lenght
+%             - also see the discussion on http://lists.cert.at/pipermail/ach/2014-June/001454.html
+%             The idea was to remove AES256 and CAMMELIA 256 and also SHA384
+\seqsplit{EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:!SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA}