|
 |
519d7d |
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
|
|
|
519d7d |
index f3e19105f..ff13d3720 100644
|
|
|
519d7d |
--- a/lib/gnutls_priority.c
|
|
|
519d7d |
+++ b/lib/gnutls_priority.c
|
|
|
519d7d |
@@ -492,6 +492,7 @@ static const int sign_priority_secure192[] = {
|
|
|
519d7d |
static const int mac_priority_normal_default[] = {
|
|
|
519d7d |
GNUTLS_MAC_SHA1,
|
|
|
519d7d |
GNUTLS_MAC_AEAD,
|
|
|
519d7d |
+ GNUTLS_MAC_SHA256,
|
|
|
519d7d |
GNUTLS_MAC_MD5,
|
|
|
519d7d |
0
|
|
|
519d7d |
};
|
|
|
519d7d |
@@ -499,6 +500,7 @@ static const int mac_priority_normal_default[] = {
|
|
|
519d7d |
static const int mac_priority_normal_fips[] = {
|
|
|
519d7d |
GNUTLS_MAC_SHA1,
|
|
|
519d7d |
GNUTLS_MAC_AEAD,
|
|
|
519d7d |
+ GNUTLS_MAC_SHA256,
|
|
|
519d7d |
0
|
|
|
519d7d |
};
|
|
|
519d7d |
|
|
|
519d7d |
@@ -527,11 +529,13 @@ static const int mac_priority_suiteb192[] = {
|
|
|
519d7d |
static const int mac_priority_secure128[] = {
|
|
|
519d7d |
GNUTLS_MAC_SHA1,
|
|
|
519d7d |
GNUTLS_MAC_AEAD,
|
|
|
519d7d |
+ GNUTLS_MAC_SHA256,
|
|
|
519d7d |
0
|
|
|
519d7d |
};
|
|
|
519d7d |
|
|
|
519d7d |
static const int mac_priority_secure192[] = {
|
|
|
519d7d |
GNUTLS_MAC_AEAD,
|
|
|
519d7d |
+ GNUTLS_MAC_SHA256,
|
|
|
519d7d |
0
|
|
|
519d7d |
};
|
|
|
519d7d |
|
|
|
519d7d |
diff --git a/tests/priorities.c b/tests/priorities.c
|
|
|
519d7d |
index 46221fcc0..0593279de 100644
|
|
|
519d7d |
--- a/tests/priorities.c
|
|
|
519d7d |
+++ b/tests/priorities.c
|
|
|
519d7d |
@@ -100,18 +100,18 @@ try_prio(const char *prio, unsigned expected_cs, unsigned expected_ciphers)
|
|
|
519d7d |
|
|
|
519d7d |
void doit(void)
|
|
|
519d7d |
{
|
|
|
519d7d |
- const int normal = 41;
|
|
|
519d7d |
- const int null = 4;
|
|
|
519d7d |
- const int sec128 = 36;
|
|
|
519d7d |
+ const int normal = 57;
|
|
|
519d7d |
+ const int null = 5;
|
|
|
519d7d |
+ const int sec128 = 52;
|
|
|
519d7d |
|
|
|
519d7d |
try_prio("NORMAL", normal, 9);
|
|
|
519d7d |
try_prio("NORMAL:-MAC-ALL:+MD5:+MAC-ALL", normal, 9);
|
|
|
519d7d |
try_prio("NORMAL:+CIPHER-ALL", normal, 9); /* all (except null) */
|
|
|
519d7d |
try_prio("NORMAL:-CIPHER-ALL:+NULL", null, 1); /* null */
|
|
|
519d7d |
try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL", normal + null, 10); /* should be null + all */
|
|
|
519d7d |
- try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 5, 1);
|
|
|
519d7d |
+ try_prio("NORMAL:-CIPHER-ALL:+NULL:+CIPHER-ALL:-CIPHER-ALL:+AES-128-CBC", 10, 1);
|
|
|
519d7d |
try_prio("PERFORMANCE", normal, 9);
|
|
|
519d7d |
- try_prio("SECURE256", 10, 4);
|
|
|
519d7d |
+ try_prio("SECURE256", 16, 4);
|
|
|
519d7d |
try_prio("SECURE128", sec128, 8);
|
|
|
519d7d |
try_prio("SECURE128:+SECURE256", sec128, 8); /* should be the same as SECURE128 */
|
|
|
519d7d |
try_prio("SECURE128:+SECURE256:+NORMAL", normal, 9); /* should be the same as NORMAL */
|