DSA signatures and DHE-DSS are disabled by default
author Nikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 3 Mar 2015 08:31:16 +0000 (09:31 +0100)
committer Nikos Mavrogiannopoulos <nmav@redhat.com>
Tue, 3 Mar 2015 08:31:17 +0000 (09:31 +0100)
commit eb30decc3dbaff325fa627ea4644417197d9307c
tree d6efdfcab395d3f89b53332a9af88e80672582b2
parent d6a0aa46399f8e223295d946c979dc22a35fd493
DSA signatures and DHE-DSS are disabled by default

DSA was an algorithm that was never deployed on the Internet
and had, until very recently, several limitations such as
restriction of its keys to 1024 bits, SHA1-only etc. Given
that there are literally 0 internet (HTTPS) certificates using
DSA, there is no point to enable it by default and increase
our attack surface.
lib/gnutls_priority.c