Skip to content
  • Emilia Kasper's avatar
    Rework the default cipherlist. · a556f342
    Emilia Kasper authored
    
    
     - Always prefer forward-secure handshakes.
     - Consistently order ECDSA above RSA.
     - Next, always prefer AEADs to non-AEADs, irrespective of strength.
     - Within AEADs, prefer GCM > CHACHA > CCM for a given strength.
     - Prefer TLS v1.2 ciphers to legacy ciphers.
     - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default
       list to reduce ClientHello bloat.
    
    Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
    a556f342
To find the state of this project's repository at the time of any of these versions, check out the tags.