[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-101-g2d3c
From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-101-g2d3c156
Date: Wed, 16 Feb 2011 19:55:18 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2d3c1568f4440d5b83c47b05bfbf0064643aa50b
The branch, gnutls_2_12_x has been updated
via 2d3c1568f4440d5b83c47b05bfbf0064643aa50b (commit)
from 5ccf2978641d313ec5a1dc77c7475820076f77a3 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2d3c1568f4440d5b83c47b05bfbf0064643aa50b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Wed Feb 16 20:54:36 2011 +0100
reorganization of ciphersuite discussion.
-----------------------------------------------------------------------
Summary of changes:
doc/cha-intro-tls.texi | 64 ++++++++++++++++++++++-------------------------
1 files changed, 30 insertions(+), 34 deletions(-)
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index fd332b7..d694d4d 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -316,10 +316,38 @@ To set whether client certificate is required or not.
To initiate the handshake.
@end table
address@hidden TLS Cipher Suites
+
+The Handshake Protocol of @acronym{TLS} negotiates cipher suites of
+the form @code{TLS_DHE_RSA_WITH_3DES_CBC_SHA}. The usual cipher
+suites contain these parameters:
+
address@hidden
+
address@hidden The key exchange algorithm.
address@hidden in the example.
+
address@hidden The Symmetric encryption algorithm and mode
address@hidden in this example.
+
address@hidden The address@hidden stands for Message Authentication Code. It
can be described as a keyed hash algorithm. See RFC2104.} algorithm used for
authentication.
address@hidden is used in the above example.
+
address@hidden itemize
+
+The cipher suite negotiated in the handshake protocol will affect the
+Record Protocol, by enabling encryption and data authentication. Note
+that you should not over rely on @acronym{TLS} to negotiate the
+strongest available cipher suite. Do not enable ciphers and algorithms
+that you consider weak.
+
+All the supported ciphersuites are shown in @ref{ciphersuites}.
+
@subsection Priority strings
-The previously shown priority functions accept a string
+In order to specify cipher suite preferences, the
+previously shown priority functions accept a string
that specifies the algorithms to be enabled in a TLS handshake.
-This string may contain some high level keyword such as:
+That string may contain some high level keyword such as:
@table @asis
@item PERFORMANCE:
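Review bot: The relocated warning ending in "Do not enable ciphers and algorithms that you consider weak." now sits directly before the Priority strings subsection, yet it does not tell the reader that priority strings are the mechanism for disabling them; a closing pointer to the following subsection would connect the advice to the means of acting on it. Wording in the added lines could be tidied while they are being moved: "over rely" should be "over-rely", "The Symmetric encryption algorithm" has a stray capital, and "some high level keyword such as:" introduces a list, so "some high-level keywords such as:" reads better.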
@@ -463,38 +491,6 @@ will allow V1 CAs in chains.
@end table
address@hidden TLS Cipher Suites
-
-The Handshake Protocol of @acronym{TLS} negotiates cipher suites of
-the form @code{TLS_DHE_RSA_WITH_3DES_CBC_SHA}. The usual cipher
-suites contain these parameters:
-
address@hidden
-
address@hidden The key exchange algorithm.
address@hidden in the example.
-
address@hidden The Symmetric encryption algorithm and mode
address@hidden in this example.
-
address@hidden The address@hidden stands for Message Authentication Code. It
can be described as a keyed hash algorithm. See RFC2104.} algorithm used for
authentication.
address@hidden is used in the above example.
-
address@hidden itemize
-
-The cipher suite negotiated in the handshake protocol will affect the
-Record Protocol, by enabling encryption and data authentication. Note
-that you should not over rely on @acronym{TLS} to negotiate the
-strongest available cipher suite. Do not enable ciphers and algorithms
-that you consider weak.
-
-The priority functions, dicussed above, allow the application layer to
-enable and set priorities on the individual ciphers. It may imply that
-all combinations of ciphersuites are allowed, but this is not
-true. For several reasons, not discussed here, some combinations were
-not defined in the @acronym{TLS} protocol. The supported ciphersuites
-are shown in @ref{ciphersuites}.
-
@subsection Client Authentication
@cindex Client Certificate authentication
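Review bot: The final removed paragraph ("The priority functions, dicussed above, allow the application layer to enable and set priorities on the individual ciphers ...") has no counterpart at the new location, where only "All the supported ciphersuites are shown in @ref{ciphersuites}." remains, so the caveat that not every combination of enabled algorithms is a defined cipher suite is dropped. The commit message describes a reorganization, so this looks unintended; consider keeping the caveat in the Priority strings subsection (with "dicussed" corrected and "above" adjusted for the new ordering), so that a reader who enables individual ciphers and key exchanges does not assume every combination can be negotiated.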
hooks/post-receive
--
GNU gnutls