Update predefined priority keywords
The `NORMAL` priority keyword enables several protocols and algorithms that shouldn't be considered secure by current standards, specifically:
- plain RSA key exchange
- TLS 1.0
- TLS 1.1
- DTLS 1.0
- SHA-1 signatures
- SHA-1 MAC seems at least questionable
Aside from SHA-1 signatures and in some cases SHA-1 MAC this also applies to all the `SECURE` variants, and everything aside from plain RSA also to `PFS`.
I suppose there may be a compatibility tradeoff regarding SHA-1 MAC, but the rest could be removed without being any less compatible with older servers than modern browsers. For TLS 1.2 servers that still don't support AEAD adding SHA-256 MAC might be useful, whether SHA-1 is removed or not.
Considering that these keywords are intended for people who want reasonably secure defaults without digging into all the details I think they should be updated soon. I'd be happy to prepare a patch if there is consensus on what should be included.
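
Until the keywords change, an application can check what a keyword expands to and subtract the items listed above. The following is an added example, not part of the original report or of GnuTLS: it audits a listing in the layout of `gnutls-cli --list --priority NORMAL` and builds the matching `-ITEM` removals. The sample listing is constructed, its layout is an assumption that may differ between GnuTLS versions, and the `audit` and `hardened` helpers are hypothetical names.

```python
import re

# Constructed sample modelled on `gnutls-cli --list --priority NORMAL`
# (layout is an assumption; real output varies by GnuTLS version).
SAMPLE = """\
Cipher suites for NORMAL
TLS_ECDHE_RSA_AES_256_GCM_SHA384    0xc0, 0x30    TLS1.2
TLS_RSA_AES_128_CBC_SHA1            0x00, 0x2f    TLS1.0

Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-DTLS1.2, VERS-DTLS1.0
MACs: SHA1, AEAD
Key Exchange Algorithms: ECDHE-RSA, RSA, DHE-RSA
PK-signatures: SIGN-RSA-SHA256, SIGN-ECDSA-SHA256, SIGN-RSA-SHA1
"""

# Items the report names as weak, keyed by the listing section they appear in.
WEAK = {
    "Protocols": {"VERS-TLS1.0", "VERS-TLS1.1", "VERS-DTLS1.0"},
    "MACs": {"SHA1"},                    # compatibility tradeoff per the report
    "Key Exchange Algorithms": {"RSA"},  # plain RSA key exchange
}

def audit(listing):
    """Return the sorted priority-string removals for weak items found."""
    removals = set()
    for line in listing.splitlines():
        section, sep, values = line.partition(":")
        if not sep:
            continue  # cipher suite rows and headers carry no "Section:" prefix
        items = {v.strip() for v in values.split(",") if v.strip()}
        if section in WEAK:
            removals |= {"-" + i for i in items & WEAK[section]}
        elif section == "PK-signatures":
            # Any signature algorithm that hashes with SHA-1.
            removals |= {"-" + i for i in items if re.fullmatch(r"SIGN-.+-SHA1", i)}
    return sorted(removals)

def hardened(base, listing):
    """Append the removals to a base keyword, e.g. NORMAL:-RSA:..."""
    return ":".join([base] + audit(listing))

if __name__ == "__main__":
    print(hardened("NORMAL", SAMPLE))
```

The resulting string can be passed back to `gnutls-cli --list --priority` to confirm that the flagged items no longer appear.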