]> git.ipfire.org Git - thirdparty/cups.git/commit
projects / thirdparty / cups.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3bb5973) | patch
Add SSLOptions to enable Diffie-Hellman key exchange and disable TLS/1.0.
authormsweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Wed, 20 May 2015 01:20:52 +0000 (01:20 +0000)
committermsweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Wed, 20 May 2015 01:20:52 +0000 (01:20 +0000)
commitee6226a5cbe12e80205659984bfcc663375b27e6
treea4a6509b4a85df0e219ff918564f1d6a01bb2c94tree | snapshot
parent3bb59731595c4db5427812e41856930bbd012d82commit | diff
Add SSLOptions to enable Diffie-Hellman key exchange and disable TLS/1.0.

DH/DHE support is being made optional because of known security issues with short
DH parameters.  Since there is no way to conditionally use DH/DHE with a minimum
number of bits, we just have to disable it by default.

TLS/1.0 support can now be disabled due to known security issues with TLS/1.0.
However, since TLS/1.1 and TLS/1.2 support is not universally available, we
cannot simply disable TLS/1.0 like we did for SSL/3.0.

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12645 a1ca3aef-8c08-0410-bb20-df032aa958be
CHANGES.txt diff | blob | blame | history
config-scripts/cups-ssl.m4 diff | blob | blame | history
config.h.in diff | blob | blame | history
cups/http-private.h diff | blob | blame | history
cups/tls-darwin.c diff | blob | blame | history
cups/tls-gnutls.c diff | blob | blame | history
cups/tls-sspi.c diff | blob | blame | history
cups/usersys.c diff | blob | blame | history
man/client.conf.man.in diff | blob | blame | history
xcode/config.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.