Security framework. Security callback: selects which parameters are permitted including sensible defaults based on bits of security. The "parameters" which can be selected include: ciphersuites, curves, key sizes, certificate signature algorithms, supported signature algorithms, DH parameters, SSL/TLS version, session tickets and compression. In some cases prohibiting the use of a parameters will mean they are not advertised to the peer: for example cipher suites and ECC curves. In other cases it will abort the handshake: e.g DH parameters or the peer key size. Documentation to follow...

commit: b362ccab5c1d52086f19d29a32f4acc11073b86b [log] [tgz]
author: Dr. Stephen Henson <steve@openssl.org> Sun Dec 15 13:32:24 2013 +0000
committer: Dr. Stephen Henson <steve@openssl.org> Fri Mar 28 14:56:30 2014 +0000
tree: a6a2de4f90c8ce9272164ad448ac78cf95371909
parent: 66f96fe2d519147097c118d4bf60704c69ed0635 [diff] [blame]
diff --git a/ssl/tls1.h b/ssl/tls1.h
index dbc612c..f288bb9 100644
--- a/ssl/tls1.h
+++ b/ssl/tls1.h

@@ -157,6 +157,11 @@
 extern "C" {
 #endif
 
+/* Default security level if not overriden at config time */
+#ifndef OPENSSL_TLS_SECURITY_LEVEL
+#define OPENSSL_TLS_SECURITY_LEVEL 1
+#endif
+
 #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES	0
 
 #define TLS1_2_VERSION			0x0303
commit	b362ccab5c1d52086f19d29a32f4acc11073b86b	[log] [tgz]
author	Dr. Stephen Henson <steve@openssl.org>	Sun Dec 15 13:32:24 2013 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	Fri Mar 28 14:56:30 2014 +0000
tree	a6a2de4f90c8ce9272164ad448ac78cf95371909
parent	66f96fe2d519147097c118d4bf60704c69ed0635 [diff] [blame]