From: Nikos Mavrogiannopoulos Date: Wed, 15 Oct 2014 13:21:27 +0000 (+0200) Subject: updated documentation for SSL 3.0 removal X-Git-Tag: gnutls_3_4_0~781 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee83078f806d5ca6eccdbfd84371179589a37570;p=thirdparty%2Fgnutls.git updated documentation for SSL 3.0 removal --- diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 4cdbd54d7c..805c0b51c5 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -988,7 +988,7 @@ algorithms to be enabled. @end float Unless the initial keyword is "NONE" the defaults (in preference -order) are for TLS protocols TLS 1.2, TLS1.1, TLS1.0, SSL3.0; for +order) are for TLS protocols TLS 1.2, TLS1.1, TLS1.0; for compression NULL; for certificate types X.509. In key exchange algorithms when in NORMAL or SECURE levels the perfect forward secrecy algorithms take precedence of the other @@ -1050,8 +1050,8 @@ GCM ciphers only). All algorithms from NORMAL priority can be accessed with MAC- COMP-NULL, COMP-DEFLATE. Catch all is COMP-ALL. @item TLS versions @tab -VERS-SSL3.0, VERS-TLS1.0, VERS-TLS1.1, -VERS-TLS1.2, VERS-DTLS1.2, VERS-DTLS1.0. +VERS-TLS1.0, VERS-TLS1.1, VERS-TLS1.2, +VERS-DTLS1.0, VERS-DTLS1.2. Catch all is VERS-TLS-ALL and VERS-DTLS-ALL. @item Signature algorithms @tab @@ -1195,8 +1195,8 @@ Specifying RSA with AES-128-CBC: Specifying the defaults except ARCFOUR-128: "NORMAL:-ARCFOUR-128" -Enabling the 128-bit secure ciphers, while disabling SSL 3.0 and enabling compression: - "SECURE128:-VERS-SSL3.0:+COMP-DEFLATE" +Enabling the 128-bit secure ciphers, while disabling TLS 1.0 and enabling compression: + "SECURE128:-VERS-TLS1.0:+COMP-DEFLATE" Enabling the 128-bit and 192-bit secure ciphers, while disabling all TLS versions except TLS 1.2: @@ -1587,7 +1587,7 @@ options that are known to cause compatibility problems, is shown below. NORMAL:%COMPAT @end verbatim -For broken peers that do not tolerate TLS version numbers over TLS 1.0 +For very old broken peers that do not tolerate TLS version numbers over TLS 1.0 another priority string is: @verbatim NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT