Branch: Tag:

2016-03-04

2016-03-04 10:19:30 by Henrik Grubbström (Grubba) <grubba@grubba.org>

SSL: Prefer AEAD suites to CBC suites of double the key length.

This makes eg AES128/GCM to be preferred to AES256/CBC.

339:    // NB: Currently the hash algorithms are allocated in a suitable order.    int hash = info[2];    +  // Adjust for the cipher mode.    if (sizeof(info) > 3) {    hash |= info[3]<<5; -  +  if (info[3] == MODE_cbc) { +  // CBC. +  keylength >>= 1;    } -  +  } else { +  // Old suite; CBC or RC4. +  // This adjustment is to make some browsers (like eg Chrome) +  // stop complaining, by preferring AES128/GCM to AES256/CBC. +  keylength >>= 1; +  }       // NB: As are the cipher ids if you disregard the keylengths.    int cipher = info[1];