commit c49fedebfc8422de7bfc0076ee6fbd75f2e9942c
parent dbf287b8ba5c7d00259bb25597fbc5ae8477b4a0
Author: Tomas Hlavaty <tom@logand.com>
Date: Mon, 29 Dec 2014 16:32:51 +0100
comment on tls broken and good stuff, remove distractions
Diffstat:
| M | tls.lisp | | | 68 | +++++--------------------------------------------------------------- |
1 file changed, 5 insertions(+), 63 deletions(-)
diff --git a/tls.lisp b/tls.lisp
@@ -25,6 +25,10 @@
(in-package :rw.tls)
+;; broken stuff: rc4 md5 sha1 aescbc rsa1024 rsa-keyxchg ecdsa
+
+;; good: dhe ecdhe aesgcm pfs; better 512hash rsa4096+ aes256+
+
;;tshark -i wlp3s0 -V >~/git/cl-rw/tls.log
;;gnutls-cli wikipedia.org
@@ -517,72 +521,9 @@
:random_bytes client-random)
:session_id (make-$SessionID #+nil :data #+nil(random-octets 32))
:cipher_suites '(
- ;; TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- ;; TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- ;; TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- ;; TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- ;; TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- ;; TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- ;; TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- ;; TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- ;; TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- ;; TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- ;; TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- ;; TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
;; TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- ;; TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- ;; TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- ;; TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- ;; TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- ;; TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- ;; TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- ;; TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- ;; TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- ;; TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- ;; TLS_ECDHE_RSA_WITH_RC4_128_SHA
- ;; TLS_RSA_WITH_AES_128_GCM_SHA256
- ;; TLS_RSA_WITH_AES_256_GCM_SHA384
- ;; TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- ;; TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- ;; TLS_RSA_WITH_AES_128_CBC_SHA
- ;; TLS_RSA_WITH_AES_128_CBC_SHA256
- ;; TLS_RSA_WITH_AES_256_CBC_SHA
- ;; TLS_RSA_WITH_AES_256_CBC_SHA256
- ;; TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- ;; TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- ;; TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- ;; TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- ;; TLS_RSA_WITH_3DES_EDE_CBC_SHA
- ;; TLS_RSA_WITH_RC4_128_SHA
- ;; TLS_RSA_WITH_RC4_128_MD5
- ;; TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
;; TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- ;; TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- ;; TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- ;; TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- ;; TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- ;; TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- ;; TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- ;; TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- ;; TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- ;; TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- ;; TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- ;; TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- ;; TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
- ;; TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
- ;; TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256
- ;; TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384
- ;; TLS_DHE_DSS_WITH_AES_128_CBC_SHA
- ;; TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
- ;; TLS_DHE_DSS_WITH_AES_256_CBC_SHA
- ;; TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
- ;; TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
- ;; TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256
- ;; TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
- ;; TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256
- ;; TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
- ;; TLS_DHE_DSS_WITH_RC4_128_SHA
)
:compression_methods (list 'null)
:extensions (list
@@ -749,3 +690,4 @@
(%tls-connect (rw:byte-reader s) (rw.wire:packet-writer s))))
;;(tls-connect "wikipedia.org")
+;;(tls-connect "127.1" 5556)
