Skip to content
  • Bodo Möller's avatar
    Include "!eNULL" in SSL_DEFAULT_CIPHER_LIST to make sure that a · 0a05123a
    Bodo Möller authored
    ciphersuite string such as "DEFAULT:RSA" cannot enable
    authentication-only ciphersuites.
    
    Also, change ssl_create_cipher_list() so that it no longer
    starts with an arbitrary ciphersuite ordering, but instead
    uses the logic that we previously had in SSL_DEFEAULT_CIPHER_LIST.
    SSL_DEFAULT_CIPHER_LIST simplifies into just "ALL:!aNULL:!eNULL".
    0a05123a
To find the state of this project's repository at the time of any of these versions, check out the tags.