authorNikos Mavrogiannopoulos <nmav@gnutls.org>2013-10-23 18:59:11 +0200
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2013-10-23 18:59:11 +0200
commitf903ef51c070204c8e5e7816270fa0793407d7a0 (patch)
tree26b4e1f73b4f85ed2314b62bcfc3662097a81396
parent3ff8313d3eb53eed1a509e45d5f5103c87c1900d (diff)
Restrict ciphersuites that use SHA2 or better to TLS1.0 or later.
-rw-r--r--lib/algorithms/ciphersuites.c28
1 files changed, 14 insertions, 14 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index d0ca400c6a..6ea2803e43 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -557,11 +557,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_VERSION_UNKNOWN),
ENTRY (GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF (GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384,
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
/* ECDHE-ECDSA */
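Review bot: The GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384 entry still passes `GNUTLS_MAC_SHA256` as its MAC, although the suite name and its PRF argument (`GNUTLS_DIG_SHA384`) both say SHA-384; the commit edits that very line but changes only the version floor. The same mismatch appears in the next hunk for GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, whereas GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384 further down uses `GNUTLS_MAC_SHA384`. If the fourth ENTRY_PRF argument is the record MAC (the macro is defined outside this hunk, so this is inferred from the other entries), a peer that implements the suite with HMAC-SHA384 would fail record MAC verification, and the line should presumably read `GNUTLS_MAC_SHA384, GNUTLS_TLS1,`. The cs_algorithms table begins and ends outside the hunk.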
@@ -587,11 +587,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_VERSION_UNKNOWN),
ENTRY (GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF (GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
/* More ECC */
@@ -809,11 +809,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
ENTRY_PRF(GNUTLS_PSK_NULL_SHA384,
GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
/* RSA-PSK */
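Review bot: Nothing beside these entries records why the floor is GNUTLS_TLS1. The rule is applied by hand to each line here and in the RSA-PSK and DHE-PSK hunks that follow, so a later SHA-2 entry could be added with GNUTLS_SSL3 again without anyone noticing. A comment at the head of the block such as `/* SHA-2 MAC suites: minimum is TLS 1.0; SSL 3.0 predates HMAC and defines no MAC for them */` would state the invariant. A small self-test that walks cs_algorithms and rejects any entry pairing GNUTLS_MAC_SHA256 or GNUTLS_MAC_SHA384 with an SSL3 floor would keep it enforced; the entry struct's field names are not visible here, so the test is described rather than written out. The table starts and ends outside the hunk.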
@@ -849,11 +849,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS1_2),
ENTRY (GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY (GNUTLS_RSA_PSK_NULL_SHA256,
GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF (GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK,
@@ -861,19 +861,19 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS1_2, GNUTLS_DIG_SHA384),
ENTRY_PRF (GNUTLS_RSA_PSK_AES_256_CBC_SHA384,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
ENTRY_PRF (GNUTLS_RSA_PSK_NULL_SHA384,
GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
ENTRY (GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF (GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384,
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
@@ -908,11 +908,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS1_2),
ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384,
GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_DIG_SHA384),
ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384,
GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,