Prefer AES/Camellia suites over 3DES/NULL encryption

[thirdparty/strongswan.git] / src / libtls / tls_crypto.c

diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c
index caf8cda9574342aebe3a6ffd396e62556ba4332b..c251194828f11a3a0488bb8e675b2cfccbff2b35 100644 (file)
--- a/src/libtls/tls_crypto.c
+++ b/src/libtls/tls_crypto.c
@@ -339,22 +339,6 @@ typedef struct {
  * Mapping suites to a set of algorithms
  */
 static suite_algs_t suite_algs[] = {
-       { TLS_RSA_WITH_NULL_MD5,
-               HASH_MD5, PRF_HMAC_MD5,
-               AUTH_HMAC_MD5_128, ENCR_NULL, 0
-       },
-       { TLS_RSA_WITH_NULL_SHA,
-               HASH_SHA1, PRF_HMAC_SHA1,
-               AUTH_HMAC_SHA1_160, ENCR_NULL, 0
-       },
-       { TLS_RSA_WITH_NULL_SHA256,
-               HASH_SHA256, PRF_HMAC_SHA2_256,
-               AUTH_HMAC_SHA2_256_256, ENCR_NULL, 0
-       },
-       { TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-               HASH_SHA1, PRF_HMAC_SHA1,
-               AUTH_HMAC_SHA1_160, ENCR_3DES, 0
-       },
        { TLS_RSA_WITH_AES_128_CBC_SHA,
                HASH_SHA1, PRF_HMAC_SHA1,
                AUTH_HMAC_SHA1_160, ENCR_AES_CBC, 16
@@ -387,6 +371,22 @@ static suite_algs_t suite_algs[] = {
                HASH_SHA256, PRF_HMAC_SHA2_256,
                AUTH_HMAC_SHA2_256_256, ENCR_CAMELLIA_CBC, 32
        },
+       { TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+               HASH_SHA1, PRF_HMAC_SHA1,
+               AUTH_HMAC_SHA1_160, ENCR_3DES, 0
+       },
+       { TLS_RSA_WITH_NULL_SHA,
+               HASH_SHA1, PRF_HMAC_SHA1,
+               AUTH_HMAC_SHA1_160, ENCR_NULL, 0
+       },
+       { TLS_RSA_WITH_NULL_SHA256,
+               HASH_SHA256, PRF_HMAC_SHA2_256,
+               AUTH_HMAC_SHA2_256_256, ENCR_NULL, 0
+       },
+       { TLS_RSA_WITH_NULL_MD5,
+               HASH_MD5, PRF_HMAC_MD5,
+               AUTH_HMAC_MD5_128, ENCR_NULL, 0
+       },
 };
 
 /**