Commit b1738c8d authored by Rémi Denis-Courmont's avatar Rémi Denis-Courmont

Enable AES 256 with TLS.

DISCLAIMER: libgcrypt includes various strong cryptographic ciphers.
VLC now has 256-bit ciphers, and already had 128-bit ciphers for some
time. Please check with your lawyer and country-specific homeland
security bureau. In France, *usage* is completely free. Supply, import
and export are not.
parent 839bc0fb
......@@ -430,6 +430,7 @@ gnutls_SetPriority (vlc_object_t *restrict obj, const char *restrict name,
static int
gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
{
/* Note that ordering matters (on the client side) */
static const int protos[] =
{
GNUTLS_TLS1_1,
......@@ -439,10 +440,31 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
};
static const int comps[] =
{
GNUTLS_COMP_ZLIB,
GNUTLS_COMP_DEFLATE,
GNUTLS_COMP_NULL,
0
};
static const int macs[] =
{
GNUTLS_MAC_SHA1,
GNUTLS_MAC_RMD160, // RIPEMD
GNUTLS_MAC_MD5,
//GNUTLS_MAC_MD2,
//GNUTLS_MAC_NULL,
0
};
static const int ciphers[] =
{
GNUTLS_CIPHER_AES_256_CBC,
GNUTLS_CIPHER_AES_128_CBC,
GNUTLS_CIPHER_3DES_CBC,
GNUTLS_CIPHER_ARCFOUR_128,
//GNUTLS_CIPHER_DES_CBC,
//GNUTLS_CIPHER_ARCFOUR_40,
//GNUTLS_CIPHER_RC2_40_CBC,
//GNUTLS_CIPHER_NULL,
0
};
static const int cert_types[] =
{
GNUTLS_CRT_X509,
......@@ -462,6 +484,10 @@ gnutls_SessionPrioritize (vlc_object_t *obj, gnutls_session_t session)
gnutls_protocol_set_priority, session, protos)
|| gnutls_SetPriority (obj, "compressions",
gnutls_compression_set_priority, session, comps)
|| gnutls_SetPriority (obj, "MAC",
gnutls_mac_set_priority, session, macs)
|| gnutls_SetPriority (obj, "ciphers",
gnutls_cipher_set_priority, session, ciphers)
|| gnutls_SetPriority (obj, "certificate types",
gnutls_certificate_type_set_priority, session,
cert_types))
......
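Review bot: The new `macs[]` and `ciphers[]` tables still offer `GNUTLS_MAC_MD5` and `GNUTLS_CIPHER_ARCFOUR_128`, so putting AES-256 at the head of the list raises the best case without raising the floor. The comment above `protos[]` says ordering matters on the client side, which suggests that when this code runs as a server the peer's preference may select the weakest entry that is still listed. I would drop the `GNUTLS_MAC_MD5,` and `GNUTLS_CIPHER_ARCFOUR_128,` lines, or, if they are needed for interoperability, say so next to them with a comment such as `/* MD5 and ARCFOUR kept only for legacy peers */`. Hard-coding the lists also means that later changes to the library's default priorities will not reach this session, which deserves a line in the function's header comment. The body of gnutls_SessionPrioritize continues past the end of the last hunk.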