From: Nikos Mavrogiannopoulos Date: Thu, 19 May 2016 08:56:52 +0000 (+0200) Subject: priority: CCM ciphersuites was promoted over the CBC ones X-Git-Tag: gnutls_3_5_1~130 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b64418f942db2e7341efbbc9cd706f50d94c7c7;p=thirdparty%2Fgnutls.git priority: CCM ciphersuites was promoted over the CBC ones Also make explicit the prioritization rules for the default set of ciphers. --- diff --git a/lib/priority.c b/lib/priority.c index 31710c4e02..a2507882f7 100644 --- a/lib/priority.c +++ b/lib/priority.c @@ -262,7 +262,9 @@ static const int _cipher_priority_performance_no_aesni[] = { }; /* If GCM and AES acceleration is available then prefer - * them over anything else. + * them over anything else. Overall we prioritise AEAD + * over legacy ciphers, and 256-bit over 128 (for future + * proof). */ static const int _cipher_priority_normal_default[] = { GNUTLS_CIPHER_AES_256_GCM,