git.bettercrypto.org / ach-master.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b778b13)
Re-enable SRP.
authorAaron Kaplan <aaron@lo-res.org>
Tue, 7 Jan 2014 18:45:39 +0000 (19:45 +0100)
committerAaron Kaplan <aaron@lo-res.org>
Tue, 7 Jan 2014 18:45:39 +0000 (19:45 +0100)
Reasoning:

1) feedback on the mailing lists requested removal of "!SRP".
2) first of all, sysadmins need to configure SRP manually anyway.
This means, disabling SRP in our cipher string will just lock it out anyway but not specifiying SRP will not disable it for an already configured SRP system
3) SRP seems to be a good protocol

Relevant mailing list posts:
http://lists.cert.at/pipermail/ach/2013-December/thread.html#616

src/cipherStringB.txt patch | blob | history

diff --git a/src/cipherStringB.txt b/src/cipherStringB.txt
index 5437676..2380901 100644 (file)
--- a/src/cipherStringB.txt
+++ b/src/cipherStringB.txt
@@ -1 +1 @@
-EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
+EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
applied crypto hardening (master repo)