Branch: Tag:

2015-09-02

2015-09-02 20:08:06 by Martin Nilsson <nilsson@fastmail.com>

Truncated HMAC may be a security issues, and isn't really supported by anyone else. Disable it by default.

226:    startup time and reduce memory usage for servers with many    sites. Dynamic loading and unloaded could be part of the same    mechanism as the Context selection mentioned above. +  +  Truncated HMAC is only supported on the server side. It has +  however been mentioned on the IETF TLS mailing list that there +  are security issues with truncated HMAC, so this is only +  lacking for completeness.