diff options
| author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-05-29 21:20:07 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2013-05-29 21:20:07 +0200 |
| commit | c74e2548cbff3c0bf62611d16e0a751474f037fc (patch) | |
| tree | 5ccfa6e334d5ca25c9c5dcfc389fda15f6da2784 | |
| parent | 0efa213e253244fb71f28de08b9f80705e909695 (diff) | |
| download | gnutls-c74e2548cbff3c0bf62611d16e0a751474f037fc.tar.gz | |
allow ciphersuites with elliptic curves even when using SSL 3.0.
This works around a bug on openssl in certain Debian systems.
| -rw-r--r-- | lib/algorithms/ciphersuites.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index 817f07b659..8704d66230 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -358,36 +358,36 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { /* ECC-RSA */ ENTRY (GNUTLS_ECDHE_RSA_NULL_SHA1, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), /* ECDHE-ECDSA */ ENTRY (GNUTLS_ECDHE_ECDSA_NULL_SHA1, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), /* More ECC */ @@ -424,31 +424,31 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { /* ECC - PSK */ ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA256, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY_PRF (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA384, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1, GNUTLS_MAC_SHA384), ENTRY (GNUTLS_ECDHE_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA256, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY_PRF (GNUTLS_ECDHE_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA384, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1, GNUTLS_MAC_SHA384), /* PSK */ @@ -563,19 +563,19 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { /* ECC-ANON */ ENTRY (GNUTLS_ECDH_ANON_NULL_SHA1, GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_MAX, 1), #endif #ifdef ENABLE_SRP |