are prohibited. Any cipher suite using MD5 for the MAC is also prohibited. Any
cipher suites using CCM with a 64 bit authentication tag are prohibited. Note
that signatures using SHA1 and MD5 are also forbidden at this level as they
-have less than 80 security bits.
+have less than 80 security bits. Additionally, SSLv3, TLS 1.0, TLS 1.1 and
+DTLS 1.0 are all disabled at this level.
=item B<Level 2>
Security level set to 112 bits of security. As a result RSA, DSA and DH keys
shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
In addition to the level 1 exclusions any cipher suite using RC4 is also
-prohibited. SSL version 3 is also not allowed. Compression is disabled.
+prohibited. Compression is disabled.
=item B<Level 3>
Security level set to 128 bits of security. As a result RSA, DSA and DH keys
shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited.
In addition to the level 2 exclusions cipher suites not offering forward
-secrecy are prohibited. TLS versions below 1.1 are not permitted. Session
-tickets are disabled.
+secrecy are prohibited. Session tickets are disabled.
=item B<Level 4>
Security level set to 192 bits of security. As a result RSA, DSA and
DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are
-prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS
-versions below 1.2 are not permitted.
+prohibited. Cipher suites using SHA1 for the MAC are prohibited.
=item B<Level 5>
projects / thirdparty / openssl.git / commitdiff
