From 26dd5a9508b34248285532c97a135b64aab1ec06 Mon Sep 17 00:00:00 2001
From: Philip Hazel
Date: Tue, 21 Dec 2004 09:26:31 +0000
Subject: (1) Fixed the cipher preference order for GnuTLS client usage. (2) Fixed a small bug in the runtest script.
---
 doc/doc-txt/ChangeLog | 6 +++++-
 src/src/tls-gnu.c | 6 +++---
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index a12145aeb..32606ba91 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -1,4 +1,4 @@
-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.47 2004/12/20 15:24:27 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.48 2004/12/21 09:26:31 ph10 Exp $
 Change log file for Exim from version 4.21
 -------------------------------------------
@@ -203,6 +203,10 @@ Exim version 4.50
 contradicting the general specification for all authenticators. Instead it was generating a temporary error. It now behaves as specified.
+50. The default ordering of permitted cipher suites for GnuTLS was pessimal
+ (the order specifies the preference for clients). The order is now AES256,
+ AES128, 3DES, ARCFOUR128.
+
 Exim version 4.43
 -----------------
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index ade383e42..9c9e43775 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/tls-gnu.c,v 1.2 2004/11/25 10:26:04 ph10 Exp $ */
+/* $Cambridge: exim/src/src/tls-gnu.c,v 1.3 2004/12/21 09:26:31 ph10 Exp $ */
 /*************************************************
 * Exim - an Internet mail transport agent *
@@ -59,10 +59,10 @@ static const int kx_priority[16] = {
 0 };
 static int default_cipher_priority[16] = {
- GNUTLS_CIPHER_ARCFOUR_128,
+ GNUTLS_CIPHER_AES_256_CBC,
 GNUTLS_CIPHER_AES_128_CBC,
 GNUTLS_CIPHER_3DES_CBC,
- GNUTLS_CIPHER_ARCFOUR_40,
+ GNUTLS_CIPHER_ARCFOUR_128,
 0 };
 static int cipher_priority[16];
--
cgit v1.2.3
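Review bot: The new `default_cipher_priority` initializer in src/src/tls-gnu.c changes which ciphers are offered by default, not only their order: `GNUTLS_CIPHER_ARCFOUR_40` is dropped and `GNUTLS_CIPHER_AES_256_CBC` is added, while the subject line and ChangeLog item 50 describe the change purely as a reordering. A peer that can only negotiate 40-bit ARCFOUR would presumably no longer agree on a cipher under the defaults, so the ChangeLog entry should say that the 40-bit suite was removed. A comment above the array would also record the intent, for example `/* Client preference order, strongest first; 40-bit ARCFOUR is not in the default set. */`. The list still ends with `GNUTLS_CIPHER_3DES_CBC` and `GNUTLS_CIPHER_ARCFOUR_128`; if those are kept only as interoperability fallbacks, the comment should state that so they are not read as recommended choices.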