Commit 2c12e7f6 authored by Bodo Möller's avatar Bodo Möller
Browse files

Ensure that AES remains the preferred cipher at any given key length. 

(This does not really require a special case for Camellia.)
parent 8db10d9a

doc/apps/ciphers.pod

+1 −2
Original line number Diff line number Diff line
@@ -105,8 +105,7 @@ The following is a list of all permitted cipher strings and their meanings. 
=item B<DEFAULT>



the default cipher list. This is determined at compile time and is normally

B<ALL:!aNULL:!eNULL:+RC4:@STRENGTH> or

B<AES:CAMELLIA:ALL!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string

B<AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH>. This must be the first cipher string

specified.



=item B<COMPLEMENTOFDEFAULT>

ssl/ssl.h

+1 −5
Original line number Diff line number Diff line
@@ -317,11 +317,7 @@ extern "C" { 
/* The following cipher list is used by default.

 * It also is substituted when an application-defined cipher list string

 * starts with 'DEFAULT'. */

#ifdef OPENSSL_NO_CAMELLIA

# define SSL_DEFAULT_CIPHER_LIST	"ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */

#else

# define SSL_DEFAULT_CIPHER_LIST	"AES:CAMELLIA:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */

#endif

#define SSL_DEFAULT_CIPHER_LIST	"AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH" /* low priority for RC4 */



/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */

#define SSL_SENT_SHUTDOWN	1