git://git.exim.org / exim.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ff4dbb1)
(1) Fixed the cipher preference order for GnuTLS client usage.
authorPhilip Hazel <ph10@hermes.cam.ac.uk>
Tue, 21 Dec 2004 09:26:31 +0000 (09:26 +0000)
committerPhilip Hazel <ph10@hermes.cam.ac.uk>
Tue, 21 Dec 2004 09:26:31 +0000 (09:26 +0000)
(2) Fixed a small bug in the runtest script.

doc/doc-txt/ChangeLog patch | blob | history
src/src/tls-gnu.c patch | blob | history

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index a12145aebedd837c6cf722af90c66953c8e02715..32606ba91cf162a3bda9ee9051a21c2d8b94e901 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.47 2004/12/20 15:24:27 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.48 2004/12/21 09:26:31 ph10 Exp $
 
 Change log file for Exim from version 4.21
 -------------------------------------------
@@ -203,6 +203,10 @@ Exim version 4.50
     contradicting the general specification for all authenticators. Instead it
     was generating a temporary error. It now behaves as specified.
 
+50. The default ordering of permitted cipher suites for GnuTLS was pessimal
+    (the order specifies the preference for clients). The order is now AES256,
+    AES128, 3DES, ARCFOUR128.
+
 
 Exim version 4.43
 -----------------
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index ade383e42a5908235084bd694dfef1f3b04282c3..9c9e437759ef7c87a5231665cc66e608f1ca1003 100644 (file)
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/tls-gnu.c,v 1.2 2004/11/25 10:26:04 ph10 Exp $ */
+/* $Cambridge: exim/src/src/tls-gnu.c,v 1.3 2004/12/21 09:26:31 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -59,10 +59,10 @@ static const int kx_priority[16] = {
   0 };
 
 static int default_cipher_priority[16] = {
-  GNUTLS_CIPHER_ARCFOUR_128,
+  GNUTLS_CIPHER_AES_256_CBC,
   GNUTLS_CIPHER_AES_128_CBC,
   GNUTLS_CIPHER_3DES_CBC,
-  GNUTLS_CIPHER_ARCFOUR_40,
+  GNUTLS_CIPHER_ARCFOUR_128,
   0 };
 
 static int cipher_priority[16];
Master Exim source repository