• M
    Split configuration of TLSv1.3 ciphers from older ciphers · f865b081
    Matt Caswell 提交于
    With the current mechanism, old cipher strings that used to work in 1.1.0,
    may inadvertently disable all TLSv1.3 ciphersuites causing connections to
    fail. This is confusing for users.
    
    In reality TLSv1.3 are quite different to older ciphers. They are much
    simpler and there are only a small number of them so, arguably, they don't
    need the same level of control that the older ciphers have.
    
    This change splits the configuration of TLSv1.3 ciphers from older ones.
    By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable
    them through your existing config.
    
    Fixes #5359
    Reviewed-by: NTim Hudson <tjh@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5392)
    f865b081
s3_lib.c 123.2 KB