Commit 01edb104 authored by Manuel Pégourié-Gonnard's avatar Manuel Pégourié-Gonnard Committed by Paul Bakker
Browse files

Add POLARSSL_REMOVE_RC4_CIPHERSUITES

parent 2a45d1c8
......@@ -18,6 +18,8 @@ Features
* Blowfish in the cipher layer now supports variable length keys.
* Add example config.h for PSK with CCM, optimized for low RAM usage.
* Optimize for RAM usage in example config.h for NSA Suite B profile.
* Add POLARSSL_REMOVE_ARC4_CIPHERSUITES to allow removing RC4 ciphersuites
from the default list (inactive by default).
Changes
* Add LINK_WITH_PTHREAD option in CMake for explicit linking that is
......
......@@ -314,6 +314,19 @@
*/
//#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
/**
* \def POLARSSL_REMOVE_ARC4_CIPHERSUITES
*
* Remove RC4 ciphersuites by default in SSL / TLS.
* This flag removes the ciphersuites based on RC4 from the default list as
* returned by ssl_list_ciphersuites(). However, it is still possible to
* enable (some of) them with ssl_set_ciphersuites() by including them
* explicitly.
*
* Uncomment this macro to remove RC4 ciphersuites by default.
*/
//#define POLARSSL_REMOVE_ARC4_CIPHERSUITES
/**
* \def POLARSSL_ECP_XXXX_ENABLED
*
......
......@@ -1694,7 +1694,13 @@ const int *ssl_list_ciphersuites( void )
for( i = 0; i < max - 1 && p[i] != 0; i++ )
{
#if defined(POLARSSL_REMOVE_ARC4_CIPHERSUITES)
const ssl_ciphersuite_t *cs_info;
if( ( cs_info = ssl_ciphersuite_from_id( p[i] ) ) != NULL &&
cs_info->cipher != POLARSSL_CIPHER_ARC4_128 )
#else
if( ssl_ciphersuite_from_id( p[i] ) != NULL )
#endif
*(q++) = p[i];
}
*q = 0;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment