diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-07-22 13:03:38 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-07-22 13:06:04 +0200 |
| commit | 82805f09e3f9da95ffc60a05ac9ee6ddbc392a2f (patch) | |
| tree | 13af62bb652db70473a23346f55dadf36f46d01a | |
| parent | 829ba9d18329f05dae029dc0f787d9509f768ea0 (diff) | |
| download | gnutls-82805f09e3f9da95ffc60a05ac9ee6ddbc392a2f.tar.gz | |
minimum version was changed to TLS 1.0 for ciphersuites with SHA2
These ciphersuites could not be used with SSL 3.0 that only defines
usage of MD5 or SHA1 MACs. Reported by Manuel Pegourie-Gonnard.
| -rw-r--r-- | lib/algorithms/ciphersuites.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index 11b9004e58..8433b97f53 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -322,7 +322,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_RSA_NULL_SHA256, GNUTLS_CIPHER_NULL, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_SSL3, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), /* RSA */ @@ -434,7 +434,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA256, GNUTLS_SSL3, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, @@ -708,11 +708,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_VERSION_UNKNOWN), ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_SSL3, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_SSL3, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK, @@ -782,7 +782,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_DTLS1_2), ENTRY(GNUTLS_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA256, GNUTLS_SSL3, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK, @@ -816,7 +816,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), ENTRY_PRF(GNUTLS_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA384, GNUTLS_SSL3, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), /* RSA-PSK */ @@ -856,7 +856,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_RSA_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA256, GNUTLS_SSL3, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK, @@ -868,7 +868,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA384, GNUTLS_SSL3, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK, @@ -907,11 +907,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_DTLS1_2), ENTRY(GNUTLS_DHE_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_SSL3, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_SSL3, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, |