Enable AES256 for GnuTLS DTLS

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

diff --git a/dtls.c b/dtls.c
index 9a7de4c3e0c5bfb9b624f4984801bd411536fb05..221e7482b8553d4375da609d81f981a70e8da4ac 100644 (file)
--- a/dtls.c
+++ b/dtls.c
@@ -366,6 +366,8 @@ struct {
 } gnutls_dtls_ciphers[] = {
        { "AES128-SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1,
          "NONE:+VERS-DTLS0.9:+COMP-NULL:+AES-128-CBC:+SHA1:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION" },
+       { "AES256-SHA", GNUTLS_CIPHER_AES_128_CBC, GNUTLS_MAC_SHA1,
+         "NONE:+VERS-DTLS0.9:+COMP-NULL:+AES-256-CBC:+SHA1:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION" },
        { "DES-CBC3-SHA", GNUTLS_CIPHER_3DES_CBC, GNUTLS_MAC_SHA1,
          "NONE:+VERS-DTLS0.9:+COMP-NULL:+3DES-CBC:+SHA1:+RSA:%COMPAT:%DISABLE_SAFE_RENEGOTIATION" },
 };

diff --git a/www/changelog.xml b/www/changelog.xml
index 5e101c68adf80d991e4c8b3d494a6d84eaa5255c..dc28f06532d3608111408db64ad5318718d9f93d 100644 (file)
--- a/www/changelog.xml
+++ b/www/changelog.xml
@@ -17,6 +17,7 @@
 <ul>
    <li><b>OpenConnect HEAD</b>
      <ul>
+       <li>Enable AES256 mode for DTLS with GnuTLS <a href="https://bugzilla.redhat.com/show_bug.cgi?id=955710"><i>(RH#955710)</i></a>.</li>
        <li>Add <tt>--dump-http-traffic</tt> option for debugging.</li>
        <li>Be more permissive in parsing XML forms.</li>
        <li>Use original URL when falling back to non-XML POST mode.</li>