diff options
author | Bodo Möller <bodo@openssl.org> | 2007-02-21 09:33:14 +0000 |
---|---|---|
committer | Bodo Möller <bodo@openssl.org> | 2007-02-21 09:33:14 +0000 |
commit | aa79dd6895bb2d26b69d2df3b6355beb77fda089 (patch) | |
tree | a246d8d081a0dbc39b41f35439b64c828c4aed0c /ssl | |
parent | 60cad2caed280df674a52fb65eb387b19e6d6998 (diff) |
prefer SHA1 over MD5 (this affects the Kerberos ciphersuites)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/ssl_ciph.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/ssl/ssl_ciph.c b/ssl/ssl_ciph.c index 666d44d34a..9b5a2648f6 100644 --- a/ssl/ssl_ciph.c +++ b/ssl/ssl_ciph.c @@ -1180,12 +1180,15 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail); - /* Temporarily enable AES first (preferred cipher) */ + /* AES is our preferred symmetric cipher */ ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); - /* Temporarily enable everything else */ + /* Temporarily enable everything else for sorting */ ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail); + /* Low priority for MD5 */ + ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail); + /* Move anonymous ciphers to the end. Usually, these will remain disabled. * (For applications that allow them, they aren't too bad, but we prefer * authenticated ciphers.) */ |