author Pauli <pauli@openssl.org> 2022-05-06 10:42:16 +1000
committer Pauli <pauli@openssl.org> 2022-05-08 16:58:00 +1000
commit 54b0c534eeb283878092e006e7f1e9315ec62ad6 (patch)
tree ce9952ea1927853856cd5c1fcaee5ff6376bc8bc
parent 7bf2e4d7f0c7ae19b7a8c416910886a7171e9820 (diff)
doc: add note that DTLS 1.0, TLS 1.1 and before are disabled at security level 1
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/18236)
-rw-r--r-- doc/man3/SSL_CTX_set_security_level.pod 11
1 files changed, 5 insertions, 6 deletions
diff --git a/doc/man3/SSL_CTX_set_security_level.pod b/doc/man3/SSL_CTX_set_security_level.pod
index 683840aa1d..b490c74039 100644
--- a/doc/man3/SSL_CTX_set_security_level.pod
+++ b/doc/man3/SSL_CTX_set_security_level.pod
@@ -78,29 +78,28 @@ DSA and DH keys shorter than 1024 bits and ECC keys shorter than 160 bits
are prohibited. Any cipher suite using MD5 for the MAC is also prohibited. Any
cipher suites using CCM with a 64 bit authentication tag are prohibited. Note
that signatures using SHA1 and MD5 are also forbidden at this level as they
-have less than 80 security bits.
+have less than 80 security bits. Additionally, SSLv3, TLS 1.0, TLS 1.1 and
+DTLS 1.0 are all disabled at this level.
=item B<Level 2>
Security level set to 112 bits of security. As a result RSA, DSA and DH keys
shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
In addition to the level 1 exclusions any cipher suite using RC4 is also
-prohibited. SSL version 3 is also not allowed. Compression is disabled.
+prohibited. Compression is disabled.
=item B<Level 3>
Security level set to 128 bits of security. As a result RSA, DSA and DH keys
shorter than 3072 bits and ECC keys shorter than 256 bits are prohibited.
In addition to the level 2 exclusions cipher suites not offering forward
-secrecy are prohibited. TLS versions below 1.1 are not permitted. Session
-tickets are disabled.
+secrecy are prohibited. Session tickets are disabled.
=item B<Level 4>
Security level set to 192 bits of security. As a result RSA, DSA and
DH keys shorter than 7680 bits and ECC keys shorter than 384 bits are
-prohibited. Cipher suites using SHA1 for the MAC are prohibited. TLS
-versions below 1.2 are not permitted.
+prohibited. Cipher suites using SHA1 for the MAC are prohibited.
=item B<Level 5>
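Review bot: In the B<Level 4> item, dropping "TLS versions below 1.2 are not permitted" leaves that paragraph with no protocol statement and, unlike levels 2 and 3, no "In addition to the level N exclusions" phrase, so a reader who jumps straight to level 4 cannot tell that the level 1 protocol restrictions still apply. Suggest opening the level 4 restrictions with "In addition to the level 3 exclusions" to match the other items. The new level 1 sentence would also be clearer if it said whether SSLv3, TLS 1.0, TLS 1.1 and DTLS 1.0 are disabled as a consequence of the SHA1 and MD5 signature restriction stated just before it, and from which release this applies, since the old text placed these limits under levels 2 to 4.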