]> ruderich.org/simon Gitweb - tlsproxy/tlsproxy.git/commitdiff
Use "SECURE:-SHA1:+SHA1" as GnuTLS priority string.
authorSimon Ruderich <simon@ruderich.org>
Wed, 14 Aug 2013 12:18:40 +0000 (14:18 +0200)
committerSimon Ruderich <simon@ruderich.org>
Wed, 14 Aug 2013 12:18:40 +0000 (14:18 +0200)
src/tlsproxy.h

index fae7d60dec4dbfd0647b2ad5017abbf17a1ee8ad..33df814f622331f3b6ab464858fd749c19758f26 100644 (file)
 #define STORED_SERVER_CERT_FILE_FORMAT "./certificate-%s-server.pem"
 
 /* GnuTLS priority string used for both server and client connections. */
-#define PROXY_TLS_PRIORITIES "NORMAL"
+#define PROXY_TLS_PRIORITIES \
+    /* Don't use known insecure algorithms. */ \
+    "SECURE" \
+    /* Lower priority of SHA-1, user better hashes if possible. */ \
+    ":-SHA1:+SHA1"
 
 
 /* Proxy hostname and port if specified on the command line. */