mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-05-23 13:52:28 +00:00
Restore Referer-Policy and wrap up MbedTLS changes
redbean will now set Referer-Policy to no-referrer-when-downgrade on text/html responses by default. There's better explanations on the bits of security redbean is offering. In short, it's 128+ for modern clients and 112+ for legacy. If the -B flag is used then it's 192+ for modern and 150+ for non-EC.
This commit is contained in:
Justine Tunney
parent
344d2dc356
commit
df8ab0aa0c
32 changed files with 679 additions and 663 deletions
6
third_party/mbedtls/ssl_tls.c
vendored
6
third_party/mbedtls/ssl_tls.c
vendored
|
|
@ -7597,20 +7597,14 @@ static uint8_t ssl_preset_default_hashes[] = {
|
|||
|
||||
static uint16_t ssl_preset_suiteb_ciphersuites[] = {
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
||||
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
||||
0
|
||||
};
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
|
||||
static uint8_t ssl_preset_suiteb_hashes[] = {
|
||||
MBEDTLS_MD_SHA384,
|
||||
MBEDTLS_MD_SHA256,
|
||||
MBEDTLS_MD_NONE
|
||||
};
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue