pike.git / lib / modules / SSL.pmod / Context.pike

version» Context lines:

pike.git/lib/modules/SSL.pmod/Context.pike:255:   // The larger the value, the stronger the cipher suite.   protected int cipher_suite_sort_key(int suite)   {    array(int) info = [array(int)] (CIPHER_SUITES[suite] || ({ 0, 0, 0 }));       int keylength = CIPHER_effective_keylengths[info[1]];       // NB: Currently the hash algorithms are allocated in a suitable order.    int hash = info[2];    +  // Adjust for the cipher mode.    if (sizeof(info) > 3) {    hash |= info[3]<<5; -  +  if (info[3] == MODE_cbc) { +  // CBC. +  keylength >>= 1;    } -  +  } else { +  // Old suite; CBC or RC4. +  // This adjustment is to make some browsers (like eg Chrome) +  // stop complaining, by preferring AES128/GCM to AES256/CBC. +  keylength >>= 1; +  }       // NB: As are the cipher ids if you disregard the keylengths.    int cipher = info[1];       // FIXME: I'm not quite sure about the priorities here.    int ke_prio = ([    KE_null: 0,    KE_dh_anon: 1,    KE_ecdh_anon: 2,    KE_fortezza: 3,