--- Begin Message ---
This patch enhances security in openssl and wolfssl, to match those used
in mbedtls, and fixes selection of TLS protocol in wolfssl.

WolfSSL was not honoring protocol selection using SSL_CTX_set_options,
so TLSv1_2_server_method needs to be used instead.

Here's the ciphersuite ordering being used:
 - key exchange: prefer ECDHE, then DHE(client only), then RSA
 - prefer AEAD ciphers:
     chacha20-poly1305, the fastest in software, 256-bits
     aes128-gcm, 128-bits
     aes256-gcm, 256-bits
 - CBC ciphers
     aes128, aes256, 3DES(client only)

This list is already being used with mbedtls (minus chacha cipher that
is not available).

Note that wolfssl does not understand some of the openssl cipher list
directives that were previously used, such as !RC4 to remove RC4 suites,
or @STRENGTH, to order them by strength.

Eneas U de Queiroz (1):
  openssl, wolfssl: match mbedTLS ciphersuite list

 ustream-openssl.c | 60 +++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 54 insertions(+), 6 deletions(-)

-- 
2.16.4



--- End Message ---
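
Because wolfssl does not accept directives such as !RC4 or @STRENGTH, the preference order in the message has to be written out as an explicit, pre-ordered list. The following is an added example, not code from the patch: it builds such a list for the server and client roles. The suite table is a constructed sample, `rank` and `build_cipher_list` are hypothetical names, and ranking AEAD ahead of CBC before comparing key exchange is an assumed reading of the list above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Enum order encodes the preference order stated in the message. */
enum kx  { ECDHE, DHE, RSA };
enum enc { CHACHA20, AES128_GCM, AES256_GCM, AES128_CBC, AES256_CBC, TDES_CBC };
struct suite { const char *name; enum kx kx; enum enc enc; };

/* Constructed, deliberately unsorted sample set (RSA-authenticated only). */
static const struct suite suites[] = {
    { "AES128-SHA",                  RSA,   AES128_CBC },
    { "DHE-RSA-AES128-GCM-SHA256",   DHE,   AES128_GCM },
    { "ECDHE-RSA-AES128-SHA",        ECDHE, AES128_CBC },
    { "DES-CBC3-SHA",                RSA,   TDES_CBC   },
    { "ECDHE-RSA-CHACHA20-POLY1305", ECDHE, CHACHA20   },
    { "AES128-GCM-SHA256",           RSA,   AES128_GCM },
    { "ECDHE-RSA-AES256-GCM-SHA384", ECDHE, AES256_GCM },
    { "ECDHE-RSA-AES128-GCM-SHA256", ECDHE, AES128_GCM },
};
#define NSUITES (sizeof(suites) / sizeof(suites[0]))

/* Assumed reading: AEAD before CBC, then key exchange, then cipher. */
static int rank(const struct suite *s) { return (s->enc <= AES256_GCM ? 0 : 100) + s->kx * 10 + s->enc; }
static int cmp_suite(const void *a, const void *b)
{
    return rank(*(const struct suite *const *)a) - rank(*(const struct suite *const *)b);
}

/* Server role drops DHE and 3DES (client only). Returns suite count, -1 if out is too small. */
int build_cipher_list(int is_client, char *out, size_t outlen)
{
    const struct suite *sel[NSUITES];
    size_t n = 0, used = 0, i;
    for (i = 0; i < NSUITES; i++)
        if (is_client || !(suites[i].kx == DHE || suites[i].enc == TDES_CBC))
            sel[n++] = &suites[i];
    qsort(sel, n, sizeof(sel[0]), cmp_suite);
    for (i = 0; i < n; i++) {
        if (strlen(sel[i]->name) + 1 >= outlen - used) /* name + ':' + NUL must fit */
            return -1;
        used += (size_t)snprintf(out + used, outlen - used, "%s%s", i ? ":" : "", sel[i]->name);
    }
    return (int)n;
}

int main(void)
{
    char buf[512];
    if (build_cipher_list(1, buf, sizeof(buf)) > 0) puts(buf);
}
```

The resulting string contains only suite names, so it can be handed to a cipher-list setter that does not parse OpenSSL's selection directives.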
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
