Lines Matching refs:ciphersuites
907 * Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
908 to the list of ciphersuites providing Perfect Forward Secrecy as
1043 * Enable KTLS with the TLS 1.3 CCM mode ciphersuites. Note that some linux
1046 and all releases since 5.16. KTLS with CCM ciphersuites should be only used
1900 * Add ciphersuites based on DHE_PSK (RFC 4279) and ECDHE_PSK (RFC 5489)
1901 to the list of ciphersuites providing Perfect Forward Secrecy as
4176 * Added a new API for TLSv1.3 ciphersuites:
4212 configuration. TLSv1.3 ciphersuites are not compatible with TLSv1.2 and
4213 below. Similarly TLSv1.2 ciphersuites are not compatible with TLSv1.3.
4215 would otherwise inadvertently disable all TLSv1.3 ciphersuites the
4927 default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
4939 TLS connections using `*-CHACHA20-POLY1305` ciphersuites are susceptible to
5324 * RC4 based libssl ciphersuites are now classed as "weak" ciphers and are
5540 support for GOST ciphersuites (these are only activated if a GOST engine
5738 * Removed DES and RC4 ciphersuites from DEFAULT. Also removed RC2 although
5741 DES and RC4 ciphersuites.
5783 * Rewrite PSK to support ECDHE_PSK, DHE_PSK and RSA_PSK. Add ciphersuites
5824 * Removed support for the two export grade static DH ciphersuites
5825 EXP-DH-RSA-DES-CBC-SHA and EXP-DH-DSS-DES-CBC-SHA. These two ciphersuites
5826 were newly added (along with a number of other static DH ciphersuites) to
5829 ciphersuites, and given "logjam" it also does not seem correct to fix them.
5842 * Support for Kerberos ciphersuites in TLS (RFC2712) has been removed. This
6398 In order for this to be exploitable "non-stitched" ciphersuites must be in
6399 use. Stitched ciphersuites are optimised implementations of certain
6400 commonly used ciphersuites. Also the application must call SSL_shutdown()
6645 default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very
7136 ciphersuites. This could have some performance impact.
7174 default in OpenSSL DHE based SSL/TLS ciphersuites.
7680 of RFC6460: restrict ciphersuites, only permit Suite B algorithms and
7884 * Support for fixed DH ciphersuites: those requiring DH server
8617 ECDH ciphersuites.
8627 non-export ciphersuites and could be used by a server to effectively
8809 * OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
8910 * Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
9009 ciphersuites which can be exploited in a denial of service attack.
9100 * Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.
9290 portions. This adds all GCM ciphersuites supported by RFC5288 and
9301 * Add HMAC ECC ciphersuites from RFC5289. Include SHA384 PRF support.
9302 As required by RFC5289 these ciphersuites cannot be used if for
9405 All server ciphersuites should now work correctly in TLS v1.2. No client
9412 ciphersuites. At present only RSA key exchange ciphersuites work with
9682 ECDH ciphersuites.
9692 non-export ciphersuites and could be used by a server to effectively
9804 * OpenSSL DTLS clients enabling anonymous (EC)DH ciphersuites are subject
9894 * Fix bug in TLS code where clients enable anonymous ECDH ciphersuites
10113 * Fix SSL memory handling for (EC)DH ciphersuites, in particular
10124 Before this you could only use some ECC ciphersuites with SHA1 only.
10265 string to remove SSLv2 ciphersuites. This effectively avoids ancient SSLv2
10490 * Implement remaining functionality needed to support GOST ciphersuites.
10625 removing ("!foo+bar") a class of ciphersuites: Now it maintains
10626 the order of disabled ciphersuites such that those ciphersuites
10629 than other disabled ciphersuites the next time ciphersuites are
10633 the same ciphersuites as with "HIGH" alone, but in a specific
10634 order where the PSK ciphersuites come first (since they are the
10635 most recently disabled ciphersuites when "HIGH" is parsed).
10639 ciphersuites, ephemeral ECDH is preferred over ephemeral DH in
10645 arranges the ciphersuites in reasonable order before starting
10797 on the other hand, since these are separate ciphersuites. The
10798 unused code for Fortezza ciphersuites has been removed.
10808 available, and ECC ciphersuites are no longer excluded from "ALL"
10810 ciphersuites, most of these by analogy with the DH case:
10969 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
11001 ECC ciphersuites from draft-ietf-tls-ecc-12.txt.
11005 * Add initial support for RFC 4279 PSK TLS ciphersuites. Add members
11009 New ciphersuites:
11452 to ensure that even with this option, only ciphersuites in the
11790 add SEED ciphersuites from RFC 4162:
11854 authentication-only ciphersuites.
11922 * Since 0.9.8b, ciphersuite strings naming explicit ciphersuites
11928 "RC4-MD5" that intentionally matched multiple ciphersuites --
11929 namely, SSL 2.0 ciphersuites in addition to the more common ones
11938 Since SSL 2.0 does not have any ciphersuites for which the
11964 * Disable "ECCdraft" ciphersuites more thoroughly. Now special
11965 treatment in ssl/ssl_ciph.s makes sure that these ciphersuites
11968 non-experimental use of the ECC ciphersuites to get TLS extension
11974 * Disable rogue ciphersuites:
11981 draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
11984 Also deactivate the remaining ciphersuites from
11985 draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
11998 Also, add Camellia TLS ciphersuites from RFC 4132.
12026 * Update support for ECC-based TLS ciphersuites according to
12441 * Update support for ECC-based TLS ciphersuites according to
12771 * Add support for ECC-based ciphersuites from draft-ietf-tls-ecc-01.txt.
13036 authentication-only ciphersuites.
13116 * Disable rogue ciphersuites:
13123 draft-ietf-tls-56-bit-ciphersuites-0[01].txt, but do not really
13126 Also deactivate the remaining ciphersuites from
13127 draft-ietf-tls-56-bit-ciphersuites-01.txt. These are just as
13271 size for static RSA ciphersuites) as well as client server and random
13361 * Fix flaw in SSL/TLS handshaking when using Kerberos ciphersuites
13795 (E.g., cipher list string "RSA" enables ciphersuites that are left
13797 "RSA:!COMPLEMEMENTOFALL" avoids these unsafe ciphersuites.)
14981 the clients preferred ciphersuites and rather use its own preferences.
15009 Add TLS AES ciphersuites as described in RFC3268, "Advanced
15950 in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
16661 DH ciphersuites.
17450 i.e. non-zero for export ciphersuites, zero otherwise.
18238 ciphersuites has been selected (as required by the SSL 3/TLS 1
19010 ciphersuites in SSL/TLS servers (see ssl/ssltest.c). It is of
19712 * Fix new 56-bit DES export ciphersuites: they were using 7 bytes instead of
20065 * Disable new TLS1 ciphersuites by default: they aren't official yet.
20098 * Permit null encryption ciphersuites, used for authentication only. It used
20245 * Add support for new TLS ciphersuites, TLS_RSA_EXPORT56_WITH_RC4_56_MD5,
20248 Suites For TLS", draft-ietf-tls-56-bit-ciphersuites-00.txt.
