From: Nikos Mavrogiannopoulos Date: Mon, 7 Feb 2011 09:59:19 +0000 (+0100) Subject: updated priorities. Removed ARCFOUR from the secure ciphersuites and X-Git-Tag: gnutls_2_99_0~313 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fa72f202b690bfb57bd7663bfe62080e0ec8e758;p=thirdparty%2Fgnutls.git updated priorities. Removed ARCFOUR from the secure ciphersuites and moved GCM to bottom of the ciphers in performance. --- diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c index 5884a0f3a8..2600a4749f 100644 --- a/lib/gnutls_priority.c +++ b/lib/gnutls_priority.c @@ -262,7 +262,6 @@ static const int kx_priority_secure[] = { }; static const int cipher_priority_performance[] = { - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_CIPHER_ARCFOUR_128, #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_128_CBC, @@ -273,7 +272,9 @@ static const int cipher_priority_performance[] = { #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_256_CBC, #endif - /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */ +#ifdef NETTLE_GCM + GNUTLS_CIPHER_AES_128_GCM, +#endif 0 }; @@ -282,14 +283,15 @@ static const int cipher_priority_normal[] = { #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_128_CBC, #endif - GNUTLS_CIPHER_AES_128_GCM, GNUTLS_CIPHER_AES_256_CBC, #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_256_CBC, +#endif +#ifdef NETTLE_GCM + GNUTLS_CIPHER_AES_128_GCM, #endif GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_ARCFOUR_128, - /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */ 0 }; @@ -298,10 +300,10 @@ static const int cipher_priority_secure128[] = { #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_128_CBC, #endif +#ifdef NETTLE_GCM GNUTLS_CIPHER_AES_128_GCM, +#endif GNUTLS_CIPHER_3DES_CBC, - GNUTLS_CIPHER_ARCFOUR_128, - /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */ 0 }; @@ -315,10 +317,10 @@ static const int cipher_priority_secure256[] = { #ifdef ENABLE_CAMELLIA GNUTLS_CIPHER_CAMELLIA_128_CBC, #endif +#ifdef NETTLE_GCM GNUTLS_CIPHER_AES_128_GCM, +#endif GNUTLS_CIPHER_3DES_CBC, - GNUTLS_CIPHER_ARCFOUR_128, - /* GNUTLS_CIPHER_ARCFOUR_40: Insecure, don't add! */ 0 };