Re-enable SRP.
authorAaron Kaplan <aaron@lo-res.org>
Tue, 7 Jan 2014 18:45:39 +0000 (19:45 +0100)
committerAaron Kaplan <aaron@lo-res.org>
Tue, 7 Jan 2014 18:45:39 +0000 (19:45 +0100)
Reasoning:

1) feedback on the mailing lists requested removal of "!SRP".
2) first of all, sysadmins need to configure SRP manually anyway.
This means, disabling SRP in our cipher string will just lock it out anyway but not specifiying SRP will not disable it for an already configured SRP system
3) SRP seems to be a good protocol

Relevant mailing list posts:
http://lists.cert.at/pipermail/ach/2013-December/thread.html#616

src/cipherStringB.txt

index 5437676..2380901 100644 (file)
@@ -1 +1 @@
-EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
+EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA