Restore Referer-Policy and wrap up MbedTLS changes

redbean will now set Referer-Policy to no-referrer-when-downgrade on
text/html responses by default. There are better explanations on the bits
of security redbean is offering. In short, it's 128+ for modern clients
and 112+ for legacy. If the -B flag is used then it's 192+ for modern
and 150+ for non-EC.
Justine Tunney 2021-08-03 22:42:17 -07:00
parent 344d2dc356
commit df8ab0aa0c
32 changed files with 679 additions and 663 deletions


@ -248,9 +248,15 @@ SECURITY
Your redbean has been secured with algorithms so strong that, until a
few decades ago, it was illegal to share them with with those outside
the United States. By default, your redbean uses Suite C cryptography
since it goes a little bit faster. If you want stronger Suite B stuff
then you can pass the -B flag.
the United States. By default your redbean offers roughly 128 bits of
security with modern clients but will fall back to at minimum 112 bit
security depending on the preferences of legacy and iot clients. Both
are secure based on public knowledge until 2030 according to NIST. If
you'd rather restrict yourself to just 150+ bits of security but with
the tradeoff of dropping support for old Internet Explorer and making
embedded clients less happy, then pass the -B flag, which'll restrict
redbean to a very short list of protocols, algorithms, and parameters
that the NSA, NIST, and IANA all agree upon.
SSL verbosity is controlled as follows for troubleshooting:
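Review bot: the doubled "with with" on the unchanged context line "few decades ago, it was illegal to share them with with those outside" survives this rewrite; since the rest of the paragraph is being replaced anyway, fold the typo fix into this hunk. The new text also gives a single "150+ bits of security" figure for the -B flag, while the commit message states 192+ for modern clients and 150+ for non-EC clients; stating both figures in the help text would keep the documentation consistent with the commit description. Finally, "secure based on public knowledge until 2030 according to NIST" would be easier to verify with the source named, for instance NIST SP 800-57 Part 1, which is where the 112-bit-through-2030 recommendation comes from.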