SUSE:SLE-12-SP1:GA
File 0004-hmac-sha384-and-sha256-ciphersuites-were-removed-fro.patch of Package gnutls
From 29ffa2a1fa4cc396c5d1563a3e5cdca0174de28b Mon Sep 17 00:00:00 2001 From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Date: Wed, 20 Jun 2018 13:00:00 +0200 Subject: [PATCH 4/4] hmac-sha384 and sha256 ciphersuites were removed from defaults These ciphersuites are deprecated since the introduction of AEAD ciphersuites, and are only necessary for compatibility with older servers. Since older servers already support hmac-sha1 there is no reason to keep these ciphersuites enabled by default, as they increase our attack surface. Relates #456 --- lib/gnutls_priority.c | 8 -------- tests/priorities.c | 10 +++++----- 2 files changed, 5 insertions(+), 13 deletions(-) Index: gnutls-3.2.15/lib/gnutls_priority.c =================================================================== --- gnutls-3.2.15.orig/lib/gnutls_priority.c 2018-08-27 13:55:14.591522147 +0200 +++ gnutls-3.2.15/lib/gnutls_priority.c 2018-08-27 14:01:16.361902629 +0200 @@ -463,8 +463,6 @@ static const int sign_priority_secure192 static const int mac_priority_normal[] = { GNUTLS_MAC_SHA1, - GNUTLS_MAC_SHA256, - GNUTLS_MAC_SHA384, GNUTLS_MAC_AEAD, GNUTLS_MAC_MD5, 0 @@ -482,15 +480,11 @@ static const int mac_priority_suiteb192[ static const int mac_priority_secure128[] = { GNUTLS_MAC_SHA1, - GNUTLS_MAC_SHA256, - GNUTLS_MAC_SHA384, GNUTLS_MAC_AEAD, 0 }; static const int mac_priority_secure192[] = { - GNUTLS_MAC_SHA256, - GNUTLS_MAC_SHA384, GNUTLS_MAC_AEAD, 0 }; Index: gnutls-3.2.15/tests/priorities.c =================================================================== --- gnutls-3.2.15.orig/tests/priorities.c 2018-08-27 13:55:15.687529359 +0200 +++ gnutls-3.2.15/tests/priorities.c 2018-08-27 14:17:25.992145299 +0200 
@@ -92,18 +92,18 @@ try_prio(const char *prio, unsigned expe void doit(void) { - const int normal = 66; - const int null = 5; - const int sec128 = 56; + const int normal = 46; + const int null = 4; + const int sec128 = 36; try_prio("NORMAL", normal, 10); try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 10); try_prio("NORMAL:+CIPHER-ALL", normal, 10); /* all (except null) */ try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1); /* null */ try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal + null, 11); /* should be null + all */ - try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 10, 1); /* should be null + all */ + try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 5, 1); try_prio("PERFORMANCE", normal, 10); - try_prio("SECURE256", 20, 4); + try_prio("SECURE256", 10, 4); try_prio("SECURE128", sec128, 8); try_prio("SECURE128:+SECURE256", sec128, 8); /* should be the same as SECURE128 */ try_prio("SECURE128:+SECURE256:+NORMAL", normal, 10); /* should be the same as NORMAL */
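Review bot: In lib/gnutls_priority.c, hunk @@ -463,8 +463,6 @@, mac_priority_normal still ends with GNUTLS_MAC_MD5 once GNUTLS_MAC_SHA256 and GNUTLS_MAC_SHA384 are dropped, which sits oddly with the commit message's attack-surface argument. Either remove MD5 from the list in the same change or add a comment above the array saying why it stays while the SHA-2 HMACs go. The array also carries no comment telling a reader that the two MACs are now left out of the defaults on purpose; a one-line note there would keep someone from re-adding them as an apparent omission.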
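Review bot: In lib/gnutls_priority.c, hunk @@ -482,15 +480,11 @@, mac_priority_secure192 is left with GNUTLS_MAC_AEAD as its only entry, so the commit message's compatibility argument (older servers already support hmac-sha1) does not cover this list: unlike mac_priority_secure128 it has no GNUTLS_MAC_SHA1 entry to fall back to. For this list the change is more than a defaults cleanup, and the halved SECURE256 expectation in tests/priorities.c (20 to 10) looks like its visible effect. Please say in the commit message, and in a comment on the array, that this level becomes AEAD-only, so the compatibility change is documented as deliberate.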
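Review bot: In tests/priorities.c, hunk @@ -92,18 +92,18 @@, the new expectations (46, 4, 36, 5, 10) are bare counts that check how many suites remain, not that the removed MACs are actually absent, so a later change that swaps one suite for another would still pass. Consider adding a check that no suite enabled under NORMAL, SECURE128 or SECURE256 uses GNUTLS_MAC_SHA256 or GNUTLS_MAC_SHA384. The drop of null from 5 to 4 also needs a comment, since nothing in the lib hunks touches a NULL cipher and the reason is not evident from the diff, and the AES-128-CBC line loses its "should be null + all" comment without a replacement explaining where the 5 comes from.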