author | Reyk Floeter <reyk@cvs.openbsd.org> | 2007-02-24 16:14:03 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2007-02-24 16:14:03 +0000 |
commit | 2e3b2176c855a2c4173dcc4c2f79a5e3d24d1270 (patch) | |
tree | e5ac4791106f8a176ea3d3baa9a3f1ba7c25d6ad /usr.sbin | |
parent | dea580a9986dc2431d84eb0bc9d0d21ad14781cf (diff) |
disable anonymous DH by default (cipher suite HIGH:!ADH instead of HIGH).
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/hoststated/hoststated.conf.5 | 6 | ||||
-rw-r--r-- | usr.sbin/hoststated/hoststated.h | 4 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.conf.5 | 6 | ||||
-rw-r--r-- | usr.sbin/relayd/relayd.h | 4 |
4 files changed, 10 insertions, 10 deletions
diff --git a/usr.sbin/hoststated/hoststated.conf.5 b/usr.sbin/hoststated/hoststated.conf.5
index 2576c5a39e6..b3d36fa0740 100644
--- a/usr.sbin/hoststated/hoststated.conf.5
+++ b/usr.sbin/hoststated/hoststated.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: hoststated.conf.5,v 1.25 2007/02/24 15:48:54 reyk Exp $
+.\" $OpenBSD: hoststated.conf.5,v 1.26 2007/02/24 16:14:02 reyk Exp $
 .\"
 .\" Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
 .\"
@@ -518,8 +518,8 @@ Valid options are:
 .It Ic ciphers Ar string
 Set the string defining the SSL cipher suite.
 If not specified, the default value
-.Ar HIGH
-to force strong crypto cipher suites will be used.
+.Ar HIGH:!ADH
+will be used (strong crypto cipher suites without anonymous DH).
 See the
 .Sx CIPHERS
 section of
diff --git a/usr.sbin/hoststated/hoststated.h b/usr.sbin/hoststated/hoststated.h
index 977a22b8c2a..68bac435032 100644
--- a/usr.sbin/hoststated/hoststated.h
+++ b/usr.sbin/hoststated/hoststated.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hoststated.h,v 1.29 2007/02/24 15:48:54 reyk Exp $ */
+/* $OpenBSD: hoststated.h,v 1.30 2007/02/24 16:14:02 reyk Exp $ */
 /*
 * Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -398,7 +398,7 @@ enum prototype {
 #define SSLFLAG_VERSION 0x07
 #define SSLFLAG_DEFAULT (SSLFLAG_SSLV3|SSLFLAG_TLSV1)
-#define SSLCIPHERS_DEFAULT "HIGH"
+#define SSLCIPHERS_DEFAULT "HIGH:!ADH"
 struct protocol {
 objid_t id;
diff --git a/usr.sbin/relayd/relayd.conf.5 b/usr.sbin/relayd/relayd.conf.5
index 67dc4cbb859..79da08b7fb5 100644
--- a/usr.sbin/relayd/relayd.conf.5
+++ b/usr.sbin/relayd/relayd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: relayd.conf.5,v 1.25 2007/02/24 15:48:54 reyk Exp $
+.\" $OpenBSD: relayd.conf.5,v 1.26 2007/02/24 16:14:02 reyk Exp $
 .\"
 .\" Copyright (c) 2006 Pierre-Yves Ritschard <pyr@spootnik.org>
 .\"
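Review bot: The new default in hoststated.h, `"HIGH:!ADH"`, excludes only anonymous DH by name, whereas the OpenSSL cipher-list keyword covering every suite without authentication is `aNULL`; `#define SSLCIPHERS_DEFAULT "HIGH:!aNULL"` would keep the default free of unauthenticated suites even if the linked library's HIGH set contains, or later gains, other anonymous key exchanges (whether it does is not visible from this diff). The identical hunk in relayd.h has the same issue. A short comment above the define, such as `/* no anonymous (unauthenticated) suites: they allow man-in-the-middle */`, would record why the exclusion is there. Because the man page states the default is used only when `ciphers` is not specified, configurations that already set `ciphers HIGH` explicitly still permit ADH after this change and have to be edited by hand.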
@@ -518,8 +518,8 @@ Valid options are:
 .It Ic ciphers Ar string
 Set the string defining the SSL cipher suite.
 If not specified, the default value
-.Ar HIGH
-to force strong crypto cipher suites will be used.
+.Ar HIGH:!ADH
+will be used (strong crypto cipher suites without anonymous DH).
 See the
 .Sx CIPHERS
 section of
diff --git a/usr.sbin/relayd/relayd.h b/usr.sbin/relayd/relayd.h
index 205a1af9027..4ee665fb55f 100644
--- a/usr.sbin/relayd/relayd.h
+++ b/usr.sbin/relayd/relayd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: relayd.h,v 1.29 2007/02/24 15:48:54 reyk Exp $ */
+/* $OpenBSD: relayd.h,v 1.30 2007/02/24 16:14:02 reyk Exp $ */
 /*
 * Copyright (c) 2006, 2007 Pierre-Yves Ritschard <pyr@spootnik.org>
@@ -398,7 +398,7 @@ enum prototype {
 #define SSLFLAG_VERSION 0x07
 #define SSLFLAG_DEFAULT (SSLFLAG_SSLV3|SSLFLAG_TLSV1)
-#define SSLCIPHERS_DEFAULT "HIGH"
+#define SSLCIPHERS_DEFAULT "HIGH:!ADH"
 struct protocol {
 objid_t id; |