gnutls-commit

[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-101-g2d3c


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_11_6-101-g2d3c156
Date: Wed, 16 Feb 2011 19:55:18 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2d3c1568f4440d5b83c47b05bfbf0064643aa50b

The branch, gnutls_2_12_x has been updated
       via  2d3c1568f4440d5b83c47b05bfbf0064643aa50b (commit)
      from  5ccf2978641d313ec5a1dc77c7475820076f77a3 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 2d3c1568f4440d5b83c47b05bfbf0064643aa50b
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Wed Feb 16 20:54:36 2011 +0100

    reorganization of ciphersuite discussion.

-----------------------------------------------------------------------

Summary of changes:
 doc/cha-intro-tls.texi |   64 ++++++++++++++++++++++-------------------------
 1 files changed, 30 insertions(+), 34 deletions(-)

diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index fd332b7..d694d4d 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -316,10 +316,38 @@ To set whether client certificate is required or not.
 To initiate the handshake.
 @end table
 
address@hidden TLS Cipher Suites
+
+The Handshake Protocol of @acronym{TLS} negotiates cipher suites of
+the form @code{TLS_DHE_RSA_WITH_3DES_CBC_SHA}.  The usual cipher
+suites contain these parameters:
+
address@hidden
+
address@hidden The key exchange algorithm.
address@hidden in the example.
+
address@hidden The Symmetric encryption algorithm and mode
address@hidden in this example.
+
address@hidden The address@hidden stands for Message Authentication Code. It 
can be described as a keyed hash algorithm. See RFC2104.} algorithm used for 
authentication.
address@hidden is used in the above example.
+
address@hidden itemize
+
+The cipher suite negotiated in the handshake protocol will affect the
+Record Protocol, by enabling encryption and data authentication.  Note
+that you should not over rely on @acronym{TLS} to negotiate the
+strongest available cipher suite. Do not enable ciphers and algorithms
+that you consider weak.
+
+All the supported ciphersuites are shown in @ref{ciphersuites}.
+
 @subsection Priority strings
-The previously shown priority functions accept a string
+In order to specify cipher suite preferences, the
+previously shown priority functions accept a string
 that specifies the algorithms to be enabled in a TLS handshake.
-This string may contain some high level keyword such as:
+That string may contain some high level keyword such as:
 
 @table @asis
 @item PERFORMANCE:
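Review bot: The added sentences "Note that you should not over rely on @acronym{TLS} to negotiate the strongest available cipher suite. Do not enable ciphers and algorithms that you consider weak." now sit before "@subsection Priority strings", so the reader is told to leave weak algorithms disabled before being shown how algorithms are enabled at all; a forward reference to the priority strings subsection at that point would close the gap. Since the text is being moved anyway, the wording it carries along could be fixed in the same change: "over rely" reads better as "rely too much", "The Symmetric encryption algorithm" has a stray capital, the new section mixes "cipher suites" with "ciphersuites", and "That string may contain some high level keyword such as:" would be clearer as "The string may contain high-level keywords such as:".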
@@ -463,38 +491,6 @@ will allow V1 CAs in chains.
 
 @end table
 
address@hidden TLS Cipher Suites
-
-The Handshake Protocol of @acronym{TLS} negotiates cipher suites of
-the form @code{TLS_DHE_RSA_WITH_3DES_CBC_SHA}.  The usual cipher
-suites contain these parameters:
-
address@hidden
-
address@hidden The key exchange algorithm.
address@hidden in the example.
-
address@hidden The Symmetric encryption algorithm and mode
address@hidden in this example.
-
address@hidden The address@hidden stands for Message Authentication Code. It 
can be described as a keyed hash algorithm. See RFC2104.} algorithm used for 
authentication.
address@hidden is used in the above example.
-
address@hidden itemize
-
-The cipher suite negotiated in the handshake protocol will affect the
-Record Protocol, by enabling encryption and data authentication.  Note
-that you should not over rely on @acronym{TLS} to negotiate the
-strongest available cipher suite. Do not enable ciphers and algorithms
-that you consider weak.
-
-The priority functions, dicussed above, allow the application layer to
-enable and set priorities on the individual ciphers. It may imply that
-all combinations of ciphersuites are allowed, but this is not
-true. For several reasons, not discussed here, some combinations were
-not defined in the @acronym{TLS} protocol.  The supported ciphersuites
-are shown in @ref{ciphersuites}.
-
 @subsection Client Authentication
 @cindex Client Certificate authentication
 
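Review bot: The removed paragraph beginning "The priority functions, dicussed above, allow the application layer to enable and set priorities on the individual ciphers" is not moved with the rest of the section; only its last sentence survives at the new location, as "All the supported ciphersuites are shown in @ref{ciphersuites}." That drops the caveat that not every combination of enabled algorithms is a ciphersuite defined in the TLS protocol, which matters to anyone who enables algorithms individually and expects every pairing to be negotiable. Either keep one sentence of it next to the @ref (fixing "dicussed" on the way), or state in the commit message that the text was dropped on purpose, since "reorganization" suggests a pure move.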


hooks/post-receive
-- 
GNU gnutls


