From 3fa7beb0417e3c94b2afe39f4213556e05b697bb Mon Sep 17 00:00:00 2001 From: Matt Durham Date: Fri, 10 May 2024 11:37:36 -0400 Subject: [PATCH] update docs --- docs/sources/reference/config-blocks/http.md | 50 ++++++++++---------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/docs/sources/reference/config-blocks/http.md b/docs/sources/reference/config-blocks/http.md index a53be921dd..2a0233b18d 100644 --- a/docs/sources/reference/config-blocks/http.md +++ b/docs/sources/reference/config-blocks/http.md @@ -88,36 +88,36 @@ The `cipher_suites` argument determines what cipher suites to use. If you don't provide cipher suite, a default list is used. The set of cipher suites specified may be from the following: -| Cipher | Allowed in BoringCrypto builds | -| ----------------------------------------------- | ------------------------------ | -| `TLS_RSA_WITH_AES_128_CBC_SHA` | no | -| `TLS_RSA_WITH_AES_256_CBC_SHA` | no | -| `TLS_RSA_WITH_AES_128_GCM_SHA256` | yes | -| `TLS_RSA_WITH_AES_256_GCM_SHA384` | yes | -| `TLS_AES_128_GCM_SHA256` | no | -| `TLS_AES_256_GCM_SHA384` | no | -| `TLS_CHACHA20_POLY1305_SHA256` | no | -| `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` | no | -| `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA` | no | -| `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` | no | -| `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` | no | -| `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` | yes | -| `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` | yes | -| `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` | yes | -| `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` | yes | -| `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256` | no | -| `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` | no | +| Cipher | Allowed in BoringCrypto/CNGCrypto builds | +| ----------------------------------------------- |------------------------------------------| +| `TLS_RSA_WITH_AES_128_CBC_SHA` | no | +| `TLS_RSA_WITH_AES_256_CBC_SHA` | no | +| `TLS_RSA_WITH_AES_128_GCM_SHA256` | yes | +| `TLS_RSA_WITH_AES_256_GCM_SHA384` | yes | +| `TLS_AES_128_GCM_SHA256` | no | +| `TLS_AES_256_GCM_SHA384` | no | +| `TLS_CHACHA20_POLY1305_SHA256` | no | +| `TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA` | no | +| `TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA` | no | +| `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` | no | +| `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA` | no | +| `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` | yes | +| `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384` | yes | +| `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` | yes | +| `TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384` | yes | +| `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256` | no | +| `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256` | no | The `curve_preferences` argument determines the set of elliptic curves to prefer during a handshake in preference order. If not provided, a default list is used. The set of elliptic curves specified may be from the following: -| Curve | Allowed in BoringCrypto builds | -| ----------- | ------------------------------ | -| `CurveP256` | yes | -| `CurveP384` | yes | -| `CurveP521` | yes | -| `X25519` | no | +| Curve | Allowed in BoringCrypto /CNGCrypto builds | +| ----------- |-------------------------------------------| +| `CurveP256` | yes | +| `CurveP384` | yes | +| `CurveP521` | yes | +| `X25519` | no | The `min_version` and `max_version` arguments determine the oldest and newest TLS version that's acceptable from clients. If you don't provide the min and max TLS version, a default value is used.