diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-07-22 13:03:38 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-07-22 13:03:38 +0200 |
| commit | 3b207550e548dbd1fdf7630ec430d2550a992670 (patch) | |
| tree | 09e8cade2a219b99f763ce9818c0338ce64c50c0 | |
| parent | 35b99272b3eb7ea5d8886b00f70727e03fd542b0 (diff) | |
| download | gnutls-3b207550e548dbd1fdf7630ec430d2550a992670.tar.gz | |
minimum version was changed to TLS 1.0 for ciphersuites with SHA2
These ciphersuites could not be used with SSL 3.0 that only defines
usage of MD5 or SHA1 MACs. Reported by Manuel Pegourie-Gonnard.
| -rw-r--r-- | lib/algorithms/ciphersuites.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index a5f94e7d63..85be7b7da9 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -318,7 +318,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_RSA_NULL_SHA256, GNUTLS_CIPHER_NULL, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_SSL3, + GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), /* RSA */ @@ -422,7 +422,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA256, GNUTLS_SSL3, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, @@ -684,11 +684,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_SSL3, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_SSL3, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK, @@ -754,7 +754,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA256, GNUTLS_SSL3, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK, @@ -780,7 +780,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), ENTRY_PRF(GNUTLS_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA384, GNUTLS_SSL3, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), /* RSA-PSK */ @@ -824,7 +824,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_RSA_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA256, GNUTLS_SSL3, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK, @@ -836,7 +836,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA384, GNUTLS_SSL3, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK, @@ -879,11 +879,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_DHE_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_SSL3, + GNUTLS_MAC_SHA256, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_SSL3, + GNUTLS_MAC_SHA384, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, |