OLD | NEW |
1 /* ssl/ssl_ciph.c */ | 1 /* ssl/ssl_ciph.c */ |
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
3 * All rights reserved. | 3 * All rights reserved. |
4 * | 4 * |
5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
8 * | 8 * |
9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
(...skipping 1424 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1435 disabled_mkey, disabled_auth, disabled_enc, d
isabled_mac, disabled_ssl, | 1435 disabled_mkey, disabled_auth, disabled_enc, d
isabled_mac, disabled_ssl, |
1436 co_list, &head, &tail); | 1436 co_list, &head, &tail); |
1437 | 1437 |
1438 | 1438 |
1439 /* Now arrange all ciphers by preference: */ | 1439 /* Now arrange all ciphers by preference: */ |
1440 | 1440 |
1441 /* Everything else being equal, prefer ephemeral ECDH over other key exc
hange mechanisms */ | 1441 /* Everything else being equal, prefer ephemeral ECDH over other key exc
hange mechanisms */ |
1442 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &hea
d, &tail); | 1442 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &hea
d, &tail); |
1443 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &hea
d, &tail); | 1443 ssl_cipher_apply_rule(0, SSL_kEECDH, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &hea
d, &tail); |
1444 | 1444 |
1445 » /* AES is our preferred symmetric cipher */ | 1445 » /* CHACHA20 is fast and safe on all hardware and is thus our preferred |
| 1446 » * symmetric cipher, with AES second. */ |
| 1447 » ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305, 0, 0, 0, CIPHER_ADD
, -1, &head, &tail); |
1446 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head,
&tail); | 1448 ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0, CIPHER_ADD, -1, &head,
&tail); |
1447 | 1449 |
1448 /* Temporarily enable everything else for sorting */ | 1450 /* Temporarily enable everything else for sorting */ |
1449 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail)
; | 1451 ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail)
; |
1450 | 1452 |
1451 /* Low priority for MD5 */ | 1453 /* Low priority for MD5 */ |
1452 ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head,
&tail); | 1454 ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head,
&tail); |
1453 | 1455 |
1454 /* Move anonymous ciphers to the end. Usually, these will remain disabl
ed. | 1456 /* Move anonymous ciphers to the end. Usually, these will remain disabl
ed. |
1455 * (For applications that allow them, they aren't too bad, but we prefer | 1457 * (For applications that allow them, they aren't too bad, but we prefer |
(...skipping 478 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1934 } | 1936 } |
1935 | 1937 |
1936 const char *SSL_COMP_get_name(const COMP_METHOD *comp) | 1938 const char *SSL_COMP_get_name(const COMP_METHOD *comp) |
1937 { | 1939 { |
1938 if (comp) | 1940 if (comp) |
1939 return comp->name; | 1941 return comp->name; |
1940 return NULL; | 1942 return NULL; |
1941 } | 1943 } |
1942 | 1944 |
1943 #endif | 1945 #endif |
OLD | NEW |