Merge new security defaults for programs (RC4 disabled, SSL3 disabled)

2026-02-19 00:39:46 +00:00 · 2015-01-14 16:26:54 +01:00
parent 36adc3631c fa06581c73
commit 5b8f7eaa3e
14 changed files with 149 additions and 23 deletions
--- a/4
+++ b/4
@@ -33,6 +33,8 @@ Features
     for pre-1.2 clients when multiple certificates are available.
   * Add support for getrandom() syscall on recent Linux kernels with Glibc or
     a compatible enough libc (eg uClibc).
+   * Add ssl_set_arc4_support() to make it easier to diable RC4 at runtime
+     while using the default ciphersuite list.

 Bugfix
   * Stack buffer overflow if ctr_drbg_update() is called with too large
@@ -60,6 +62,8 @@ Changes
     with a suitable (extended)KeyUsage or curve or no PSK set.
   * It is now possible to disable neogtiation of truncated HMAC server-side
     at runtime with ssl_set_truncated_hmac().
+   * Example programs for SSL client and server now disable SSLv3 by default.
+   * Example programs for SSL client and server now disable RC4 by default.

 = PolarSSL 1.3.9 released 2014-10-20
 Security