author | Mike MacCana <mike@certsimple.com> | 2015-05-08 19:54:34 +0100 |
---|---|---|
committer | Roman Reiss <me@silverwind.io> | 2015-05-11 13:37:48 +0200 |
commit | 5755fc099f883293530406c423bda47414834057 (patch) | |
tree | e8558aaede355388d68b47308fc88c54699dcf28 /lib | |
parent | 18d457bd3408557a48b453f13b2b99e1ab5e7159 (diff) | |
download | android-node-v8-5755fc099f883293530406c423bda47414834057.tar.gz android-node-v8-5755fc099f883293530406c423bda47414834057.tar.bz2 android-node-v8-5755fc099f883293530406c423bda47414834057.zip |
tls: update default ciphers to use gcm and aes128
AES-GCM or CHACHA20_POLY1305 ciphers must be used in current version of
Chrome to avoid an 'obsolete cryptography' warning.
Prefer 128 bit AES over 192 and 256 bit AES considering attacks that
specifically affect the larger key sizes but do not affect AES 128.
PR-URL: https://github.com/iojs/io.js/pull/1660
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: Roman Reiss <me@silverwind.io>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/tls.js | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/lib/tls.js b/lib/tls.js
index 3ae7a8f58b..10c82860ba 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -15,12 +15,17 @@ exports.CLIENT_RENEG_WINDOW = 600;
 exports.SLAB_BUFFER_SIZE = 10 * 1024 * 1024;
 
 exports.DEFAULT_CIPHERS = [
+  'ECDHE-RSA-AES128-GCM-SHA256',
+  'ECDHE-ECDSA-AES128-GCM-SHA256',
+  'ECDHE-RSA-AES256-GCM-SHA384',
+  'ECDHE-ECDSA-AES256-GCM-SHA384',
+  'DHE-RSA-AES128-GCM-SHA256',
+  'ECDHE-RSA-AES128-SHA256',
+  'DHE-RSA-AES128-SHA256',
   'ECDHE-RSA-AES256-SHA384',
   'DHE-RSA-AES256-SHA384',
   'ECDHE-RSA-AES256-SHA256',
   'DHE-RSA-AES256-SHA256',
-  'ECDHE-RSA-AES128-SHA256',
-  'DHE-RSA-AES128-SHA256',
   'HIGH',
   '!aNULL',
   '!eNULL',
|
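Review bot: The order of `exports.DEFAULT_CIPHERS` now encodes a policy (GCM suites first, AES-128 ahead of AES-256), but nothing in the array says so and the rationale lives only in the commit message. A comment above the first entry, such as `// Order is significant: GCM (AEAD) suites first, AES-128 before AES-256; 'HIGH' below is a catch-all`, would keep a later edit from reshuffling it. The explicit list is also asymmetric: ECDSA variants are added only for the GCM suites, and there is no `DHE-RSA-AES256-GCM-SHA384` next to `DHE-RSA-AES128-GCM-SHA256`, so those cases are presumably left to whatever order `'HIGH'` expands to; it is worth confirming that this is intended. The array continues past the end of the hunk, so the remaining exclusions are not visible here.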