authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-07-22 13:30:33 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2014-07-22 13:30:33 +0200
commit74d967c0361153c55a98f9165c87f9f8d3ad480b (patch)
tree8e8c006d49333a887b35386f6fdb40a4f0d458ad
parent8913a5230ca168b395afb183096355f709c2795e (diff)
RSA-PSK ciphersuites are only allowed in TLS 1.0.
That is because they implement the EncryptedPreMasterSecret encoding according to RFC 4279, which uses the TLS 1.0 (RFC 2246) encoding, and there can be ambiguities when using that over SSL 3.0. See: http://lists.gnupg.org/pipermail/gnutls-help/2014-July/003546.html
-rw-r--r--lib/algorithms/ciphersuites.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 85be7b7da9..75608e9925 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -786,19 +786,19 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
/* RSA-PSK */
ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1,
GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_VERSION_UNKNOWN),
ENTRY(GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA1,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_PSK_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK,
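Review bot: The reason for the new `GNUTLS_TLS1` minimum on the four RSA-PSK SHA1 entries in this hunk is recorded only in the commit message, so the `/* RSA-PSK */` comment at the top of the group should carry it, e.g. `/* RSA-PSK: minimum is TLS 1.0; the RFC 4279 EncryptedPreMasterSecret encoding is ambiguous under SSL 3.0 */`. The same applies to the `GNUTLS_RSA_PSK_NULL_SHA1` entry in the second hunk. Without that comment a later table cleanup has nothing in the file to stop it from lowering these entries back to `GNUTLS_SSL3`. The remaining RSA-PSK entries (the GCM and SHA256 ones) are only partly visible here, so their minimum versions cannot be confirmed from this diff and are worth checking against the same rule. A negotiation test asserting that an SSL 3.0-only session never selects an RSA-PSK suite would pin the behaviour; none is added by this commit as shown.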
@@ -820,7 +820,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_PSK_NULL_SHA1,
GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_PSK_NULL_SHA256,
GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,