Page MenuHomeFreeBSD

ktls: Reject some invalid cipher suites.
ClosedPublic

Authored by jhb on Nov 5 2021, 12:04 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Jul 3, 9:07 PM
Unknown Object (File)
Fri, Jun 26, 11:01 PM
Unknown Object (File)
Wed, Jun 24, 12:45 PM
Unknown Object (File)
Thu, Jun 11, 5:47 PM
Unknown Object (File)
Wed, Jun 10, 12:04 AM
Unknown Object (File)
May 21 2026, 5:00 PM
Unknown Object (File)
May 20 2026, 10:12 AM
Unknown Object (File)
May 19 2026, 4:36 AM
Subscribers

Details

Summary
  • Reject AES-CBC cipher suites for TLS 1.0 and TLS 1.1 using auth algorithms other than SHA1-HMAC.
  • Reject AES-GCM cipher suites for TLS versions older than 1.2.

Sponsored by: Netflix

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable