diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-05-29 21:16:38 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-05-29 21:18:26 +0200 |
| commit | 3388e97e74cd223d7e31f383cf3a8bdae92762c8 (patch) | |
| tree | 3d140ed5c4c2faa319503908d6311ffd23dde5ff | |
| parent | 5ae3328975b821a6da1299712e5fa9383851400c (diff) | |
| download | gnutls-3388e97e74cd223d7e31f383cf3a8bdae92762c8.tar.gz | |
allow ciphersuites with elliptic curves even when using SSL 3.0. This works around a bug on openssl in certain Debian systems.
| -rw-r--r-- | lib/algorithms/ciphersuites.c | 30 |
1 files changed, 15 insertions, 15 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index a55e2040e3..70068d2b3e 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -397,36 +397,36 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { /* ECC-RSA */ ENTRY (GNUTLS_ECDHE_RSA_NULL_SHA1, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), /* ECDHE-ECDSA */ ENTRY (GNUTLS_ECDHE_ECDSA_NULL_SHA1, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), /* More ECC */ @@ -498,15 +498,15 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { /* ECC - PSK */ ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, @@ -673,19 +673,19 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { /* ECC-ANON */ ENTRY (GNUTLS_ECDH_ANON_NULL_SHA1, GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), #endif #ifdef ENABLE_SRP |