From 3123fc1e16a763eb4614ebca4fc6bc80142021a9 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Wed, 14 Aug 2013 14:18:40 +0200 Subject: [PATCH] Use "SECURE:-SHA1:+SHA1" as GnuTLS priority string. --- src/tlsproxy.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/tlsproxy.h b/src/tlsproxy.h index fae7d60..33df814 100644 --- a/src/tlsproxy.h +++ b/src/tlsproxy.h @@ -51,7 +51,11 @@ #define STORED_SERVER_CERT_FILE_FORMAT "./certificate-%s-server.pem" /* GnuTLS priority string used for both server and client connections. */ -#define PROXY_TLS_PRIORITIES "NORMAL" +#define PROXY_TLS_PRIORITIES \ + /* Don't use known insecure algorithms. */ \ + "SECURE" \ + /* Lower priority of SHA-1, user better hashes if possible. */ \ + ":-SHA1:+SHA1" /* Proxy hostname and port if specified on the command line. */ -- 2.45.2