Rework the default cipherlist.

- Always prefer forward-secure handshakes. - Consistently order ECDSA above RSA. - Next, always prefer AEADs to non-AEADs, irrespective of strength. - Within AEADs, prefer GCM > CHACHA > CCM for a given strength. - Prefer TLS v1.2 ciphers to legacy ciphers. - Remove rarely used DSS, IDEA, SEED, CAMELLIA, CCM from the default list to reduce ClientHello bloat. Reviewed-by: Rich Salz <rsalz@openssl.org>
author: Emilia Kasper <emilia@openssl.org> 2016-03-03 19:50:03 +0100
committer: Emilia Kasper <emilia@openssl.org> 2016-03-07 16:53:42 +0100
commit: a556f342201473b4bf8dbf879b03890a74e412b6 (patch)
tree: 76527cf039cfd054c6a2c9f4a0008f4feaa7c403 /CHANGES
parent: 3ed1839dc3ad285ca83609007a18911d3c7bfdbe (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 8c4d9a50c6..f91ba054ed 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@
 
  Changes between 1.0.2g and 1.1.0  [xx XXX xxxx]
 
+  *) Changes to the DEFAULT cipherlist:
+       - Prefer (EC)DHE handshakes over plain RSA.
+       - Prefer AEAD ciphers over legacy ciphers.
+       - Prefer ECDSA over RSA when both certificates are available.
+       - Prefer TLSv1.2 ciphers/PRF.
+       - Remove DSS, SEED, IDEA, CAMELLIA, and AES-CCM from the
+         default cipherlist.
+     [Emilia Käsper]
+
   *) Change the ECC default curve list to be this, in order: x25519,
      secp256r1, secp521r1, secp384r1.
      [Rich Salz]
author	Emilia Kasper <emilia@openssl.org>	2016-03-03 19:50:03 +0100
committer	Emilia Kasper <emilia@openssl.org>	2016-03-07 16:53:42 +0100
commit	a556f342201473b4bf8dbf879b03890a74e412b6 (patch)
tree	76527cf039cfd054c6a2c9f4a0008f4feaa7c403 /CHANGES
parent	3ed1839dc3ad285ca83609007a18911d3c7bfdbe (diff)