priority: CCM ciphersuites was promoted over the CBC ones

author Nikos Mavrogiannopoulos <nmav@redhat.com>

Thu, 19 May 2016 08:56:52 +0000 (10:56 +0200)

committer Nikos Mavrogiannopoulos <nmav@redhat.com>

Thu, 19 May 2016 09:02:04 +0000 (11:02 +0200)
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 19 May 2016 08:56:52 +0000 (10:56 +0200)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 19 May 2016 09:02:04 +0000 (11:02 +0200)
diff --git a/lib/priority.c b/lib/priority.c

index 31710c4e02ef068bec86839758dec824e9b059e7..a2507882f77f91fb58cb7400f3a537364685376b 100644 (file)
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -262,7 +262,9 @@ static const int _cipher_priority_performance_no_aesni[] = {
  };
  
  /* If GCM and AES acceleration is available then prefer
- * them over anything else.
+ * them over anything else. Overall we prioritise AEAD
+ * over legacy ciphers, and 256-bit over 128 (for future
+ * proof).
   */
  static const int _cipher_priority_normal_default[] = {
         GNUTLS_CIPHER_AES_256_GCM,
author	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Thu, 19 May 2016 08:56:52 +0000 (10:56 +0200)
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>
	Thu, 19 May 2016 09:02:04 +0000 (11:02 +0200)