K 10
svn:author
V 6
iulius
K 8
svn:date
V 27
2014-11-11T13:36:31.303109Z
K 7
svn:log
V 817
Improve tuning of the SSL/TLS configuration

nnrpd's TLS support is basically using OpenSSL's defaults WRT issues
such as protocol support and cipher suites.  In these days of POODLEs
and other vulnerabilities, it should be useful to be able to have better
control over what's offered.  So this patch adds a few options to inn.conf:

- tlsprotocols:  allows to select the SSL/TLS versions that are
  supported

- tlsciphers:  allows to give an OpenSSL cipher string to tailor the
  cipher suites that are offered to clients

- tlspreferserverciphers:  switches on the server-side selection of
  the cipher suite (TLS default is "client chooses")

- tlscompression:  allows to turn off TLS compression (because
  of the CRIME attack) if the OpenSSL version supports this.

Many thanks to Christian Mock for his patch.

END
