gnutls-commit
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-155-gb9bd3bc


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_6-155-gb9bd3bc
Date: Wed, 16 Feb 2011 19:54:48 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=b9bd3bc58129371e50bfb9eaf920221a82559037

The branch, master has been updated
       via  b9bd3bc58129371e50bfb9eaf920221a82559037 (commit)
      from  85b271f5fd0bb5d9bdd9e3fcb0923158615047b3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b9bd3bc58129371e50bfb9eaf920221a82559037
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Feb 16 20:54:36 2011 +0100

    reorganization of ciphersuite discussion.

-----------------------------------------------------------------------

Summary of changes:
 doc/cha-intro-tls.texi |   64 ++++++++++++++++++++++-------------------------
 1 files changed, 30 insertions(+), 34 deletions(-)

diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 0535234..c6f3fab 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -316,10 +316,38 @@ To set whether client certificate is required or not.
 To initiate the handshake.
 @end table
 
address@hidden TLS Cipher Suites
+
+The Handshake Protocol of @acronym{TLS} negotiates cipher suites of
+the form @code{TLS_DHE_RSA_WITH_3DES_CBC_SHA}.  The usual cipher
+suites contain these parameters:
+
address@hidden
+
address@hidden The key exchange algorithm.
address@hidden in the example.
+
address@hidden The Symmetric encryption algorithm and mode
address@hidden in this example.
+
address@hidden The address@hidden stands for Message Authentication Code. It 
can be described as a keyed hash algorithm. See RFC2104.} algorithm used for 
authentication.
address@hidden is used in the above example.
+
address@hidden itemize
+
+The cipher suite negotiated in the handshake protocol will affect the
+Record Protocol, by enabling encryption and data authentication.  Note
+that you should not over rely on @acronym{TLS} to negotiate the
+strongest available cipher suite. Do not enable ciphers and algorithms
+that you consider weak.
+
+All the supported ciphersuites are shown in @ref{ciphersuites}.
+
 @subsection Priority strings
-The previously shown priority functions accept a string
+In order to specify cipher suite preferences, the
+previously shown priority functions accept a string
 that specifies the algorithms to be enabled in a TLS handshake.
-This string may contain some high level keyword such as:
+That string may contain some high level keyword such as:
 
 @table @asis
 @item PERFORMANCE:
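Review bot: The new closing sentence of the cipher suite section, "All the supported ciphersuites are shown in @ref{ciphersuites}.", spells the term as one word while the rest of the section writes "cipher suite" and "cipher suites"; use one spelling throughout. In the reworded Priority strings introduction, "That string may contain some high level keyword such as:" introduces a table of several keywords, so "high-level keywords" would read better. Since the section is being moved anyway, "over rely" in the note about weak ciphers could become "over-rely" in the same pass.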
@@ -464,38 +492,6 @@ will allow V1 CAs in chains.
 
 @end table
 
address@hidden TLS Cipher Suites
-
-The Handshake Protocol of @acronym{TLS} negotiates cipher suites of
-the form @code{TLS_DHE_RSA_WITH_3DES_CBC_SHA}.  The usual cipher
-suites contain these parameters:
-
address@hidden
-
address@hidden The key exchange algorithm.
address@hidden in the example.
-
address@hidden The Symmetric encryption algorithm and mode
address@hidden in this example.
-
address@hidden The address@hidden stands for Message Authentication Code. It 
can be described as a keyed hash algorithm. See RFC2104.} algorithm used for 
authentication.
address@hidden is used in the above example.
-
address@hidden itemize
-
-The cipher suite negotiated in the handshake protocol will affect the
-Record Protocol, by enabling encryption and data authentication.  Note
-that you should not over rely on @acronym{TLS} to negotiate the
-strongest available cipher suite. Do not enable ciphers and algorithms
-that you consider weak.
-
-The priority functions, dicussed above, allow the application layer to
-enable and set priorities on the individual ciphers. It may imply that
-all combinations of ciphersuites are allowed, but this is not
-true. For several reasons, not discussed here, some combinations were
-not defined in the @acronym{TLS} protocol.  The supported ciphersuites
-are shown in @ref{ciphersuites}.
-
 @subsection Client Authentication
 @cindex Client Certificate authentication
 
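Review bot: The removed paragraph beginning "The priority functions, dicussed above, allow the application layer to" carried the caveat that not every combination of enabled algorithms is a defined cipher suite, and the text added at the new location keeps only the @ref{ciphersuites} pointer. A reader composing a priority string can then assume that any key exchange, cipher and MAC they enable will combine into a negotiable suite. Suggest keeping one sentence of that caveat next to the reference, or in the Priority strings introduction where the enabling of individual algorithms is described.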


hooks/post-receive
-- 
GNU gnutls


