Lines Matching refs:ciphersuites
627 * Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
628 to the list of ciphersuites providing Perfect Forward Secrecy as
2900 * Added a new API for TLSv1.3 ciphersuites:
2936 configuration. TLSv1.3 ciphersuites are not compatible with TLSv1.2 and
2937 below. Similarly TLSv1.2 ciphersuites are not compatible with TLSv1.3.
2939 would otherwise inadvertently disable all TLSv1.3 ciphersuites the
3651 default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
3663 TLS connections using `*-CHACHA20-POLY1305` ciphersuites are susceptible to
4048 * RC4 based libssl ciphersuites are now classed as "weak" ciphers and are
4264 support for GOST ciphersuites (these are only activated if a GOST engine
4462 * Removed DES and RC4 ciphersuites from DEFAULT. Also removed RC2 although
4465 DES and RC4 ciphersuites.
4507 * Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites
4548 * Removed support for the two export grade static DH ciphersuites
4549 EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
4550 were newly added (along with a number of other static DH ciphersuites) to
4553 ciphersuites, and given "logjam" it also does not seem correct to fix them.
4566 * Support for Kerberos ciphersuites in TLS (RFC2712) has been removed. This
5122 In order for this to be exploitable "non-stitched" ciphersuites must be in
5123 use. Stitched ciphersuites are optimised implementations of certain
5124 commonly used ciphersuites. Also the application must call SSL_shutdown()
5369 default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
5860 ciphersuites. This could have some performance impact.
5898 default in OpenSSL DHE based SSL/TLS ciphersuites.
6404 of RFC6460: restrict ciphersuites, only permit Suite B algorithms and
6608 * Support for fixed DH ciphersuites: those requiring DH server
7341 ECDH ciphersuites.
7351 non-export ciphersuites and could be used by a server to effectively
7533 * OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
7634 * Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
7733 ciphersuites which can be exploited in a denial of service attack.
7824 * Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
8014 portions. This adds all GCM ciphersuites supported by RFC5288 and
8025 * Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support.
8026 As required by RFC5289 these ciphersuites cannot be used if for
8129 All server ciphersuites should now work correctly in TLS v1.2. No client
8136 ciphersuites. At present only RSA key exchange ciphersuites work with
8406 ECDH ciphersuites.
8416 non-export ciphersuites and could be used by a server to effectively
8528 * OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
8618 * Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
8837 * Fix SSL memory handling for (EC)DH ciphersuites, in particular
8848 Before this you could only use some ECC ciphersuites with SHA1 only.
8989 string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
9214 * Implement remaining functionality needed to support GOST ciphersuites.
9349 removing ("!foo+bar") a class of ciphersuites: Now it maintains
9350 the order of disabled ciphersuites such that those ciphersuites
9353 than other disabled ciphersuites the next time ciphersuites are
9357 the same ciphersuites as with "HIGH" alone, but in a specific
9358 order where the PSK ciphersuites come first (since they are the
9359 most recently disabled ciphersuites when "HIGH" is parsed).
9363 ciphersuites, ephemeral ECDH is preferred over ephemeral DH in
9369 arranges the ciphersuites in reasonable order before starting
9521 on the other hand, since these are separate ciphersuites. The
9522 unused code for Fortezza ciphersuites has been removed.
9532 available, and ECC ciphersuites are no longer excluded from "ALL"
9534 ciphersuites, most of these by analogy with the DH case:
9693 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
9725 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
9729 * Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
9733 New ciphersuites:
10176 to ensure that even with this option, only ciphersuites in the
10514 add SEED ciphersuites from RFC 4162:
10578 authentication-only ciphersuites.
10646 * Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
10652 "RC4-MD5" that intentionally matched multiple ciphersuites --
10653 namely, SSL 2.0 ciphersuites in addition to the more common ones
10662 Since SSL 2.0 does not have any ciphersuites for which the
10688 * Disable "ECCdraft" ciphersuites more thoroughly. Now special
10689 treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
10692 non-experimental use of the ECC ciphersuites to get TLS extension
10698 * Disable rogue ciphersuites:
10705 draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
10708 Also deactivate the remaining ciphersuites from
10709 draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
10722 Also, add Camellia TLS ciphersuites from RFC 4132.
10750 * Update support for ECC-based TLS ciphersuites according to
11165 * Update support for ECC-based TLS ciphersuites according to
11495 * Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
11760 authentication-only ciphersuites.
11840 * Disable rogue ciphersuites:
11847 draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
11850 Also deactivate the remaining ciphersuites from
11851 draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
11995 size for static RSA ciphersuites) as well as client server and random
12085 * Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
12519 (E.g., cipher list string "RSA" enables ciphersuites that are left
12521 "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
13705 the clients preferred ciphersuites and rather use its own preferences.
13733 Add TLS AES ciphersuites as described in RFC3268, "Advanced
14674 in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
15385 DH ciphersuites.
16174 i.e. non-zero for export ciphersuites, zero otherwise.
16962 ciphersuites has been selected (as required by the SSL 3/TLS 1
17734 ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of
18436 * Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
18789 * Disable new TLS1 ciphersuites by default: they aren't official yet.
18822 * Permit null encryption ciphersuites, used for authentication only. It used
18969 * Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
18972 Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.