a57dcfb69c
The new APIs are SSL_CTX_set_strict_cipher_list() and SSL_set_strict_cipher_list(). They have two motivations: First, typos in cipher lists can go undetected for a long time, and can have surprising consequences when silently ignored. Second, there is a tendency to use superstition in the construction of cipher lists, for example by "turning off" things that do not actually exist. This leads to the corrosive belief that DEFAULT and ALL ought not to be trusted. This belief is false. Change-Id: I42909b69186e0b4cf45457e5c0bc968f6bbf231a Reviewed-on: https://boringssl-review.googlesource.com/13925 Commit-Queue: Matt Braithwaite <mab@google.com> Reviewed-by: Matt Braithwaite <mab@google.com> |
||
---|---|---|
.. | ||
args.cc | ||
ciphers.cc | ||
client.cc | ||
CMakeLists.txt | ||
const.cc | ||
digest.cc | ||
generate_ed25519.cc | ||
genrsa.cc | ||
internal.h | ||
pkcs12.cc | ||
rand.cc | ||
server.cc | ||
speed.cc | ||
tool.cc | ||
transport_common.cc | ||
transport_common.h |