authorNikos Mavrogiannopoulos <nmav@gnutls.org>2014-03-08 17:10:48 +0100
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2014-03-08 17:10:50 +0100
commitbc49b027f7e9a2486a7c9be67e43a84cbe1b6269 (patch)
tree2b7261b4ec9bcfdb80d60ba4c9dd2de84db009e9
parentf225d1a0a68101409095dc1d5ef36f93a83519c1 (diff)
downloadgnutls-bc49b027f7e9a2486a7c9be67e43a84cbe1b6269.tar.gz
ciphersuites that utilize SHA256 or SHA384 are only available in TLS 1.0
The SSL 3.0 protocol (rfc6101) uses a variant of HMAC that is only defined for MD5 and SHA1. Thus if such a ciphersuite is negotiated under SSL 3.0, it will fail during MAC initialization.
-rw-r--r--lib/algorithms/ciphersuites.c78
1 files changed, 39 insertions, 39 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 86957b68f0..3493d46675 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -345,11 +345,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
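Review bot: Nothing in the table records why these SHA256 entries start at GNUTLS_TLS1 rather than GNUTLS_SSL3, so a suite added later by copying a SHA1 neighbour can bring the SSL 3.0 floor back unnoticed. A short comment above the first changed entry would carry the reason from the commit message, for example `/* SHA256/SHA384 MACs need TLS 1.0 or later: the SSL 3.0 MAC is only defined for MD5 and SHA1 */`. The same applies to every other hunk in this file. The cs_algorithms initializer starts and ends outside the hunk.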
@@ -361,11 +361,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
/* GCM */
ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256,
@@ -417,7 +417,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_256_CBC,
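Review bot: The GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256 entry that begins on the last two lines of this hunk is not changed by the commit, although its DHE_RSA counterpart is; its MAC/version line lies just past the hunk, so it should be confirmed that it does not still read `GNUTLS_MAC_SHA256, GNUTLS_SSL3,`. The same question applies to GNUTLS_PSK_NULL_SHA384 at the end of the -776 hunk and GNUTLS_RSA_PSK_NULL_SHA384 at the end of the -832 hunk, whose version lines also fall outside the diff. If those already carry a TLS 1.2 minimum nothing is needed; if not, they would hit the same MAC initialization failure under SSL 3.0 that the commit message describes.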
@@ -437,11 +437,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
/* GCM */
ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256,
@@ -477,12 +477,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_256_CBC,
GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
@@ -496,11 +496,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
/* GCM */
ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
@@ -540,7 +540,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1,
GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA,
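Review bot: GNUTLS_TLS1 as the floor for GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384 still lets the suite be negotiated under TLS 1.0 and 1.1, while the entry declares a SHA384 PRF that, as far as I can tell, only takes effect from TLS 1.2. As I read RFC 5289, its ECDHE SHA256/SHA384 suites are not to be negotiated below TLS 1.2, so the tighter value here would be `GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,`. The same consideration applies to the other ECDHE_RSA and ECDHE_ECDSA CBC SHA256/SHA384 entries changed in the -548, -578 and -621 hunks. Whether peers that rely on these suites under TLS 1.0/1.1 exist should be weighed before tightening.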
@@ -548,11 +548,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_VERSION_UNKNOWN),
ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384,
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
/* ECDHE-ECDSA */
@@ -578,22 +578,22 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_VERSION_UNKNOWN),
ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
/* More ECC */
ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
@@ -621,7 +621,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256,
@@ -668,11 +668,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1,
GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK,
@@ -692,11 +692,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384,
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
ENTRY(GNUTLS_ECDHE_PSK_SALSA20_256_SHA1,
@@ -728,7 +728,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384,
GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK,
@@ -758,11 +758,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384,
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
ENTRY(GNUTLS_PSK_SALSA20_256_SHA1,
@@ -776,7 +776,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
ENTRY_PRF(GNUTLS_PSK_NULL_SHA384,
GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
@@ -816,7 +816,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS1_2),
ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_PSK_NULL_SHA1,
GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
@@ -832,7 +832,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384,
GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
@@ -840,11 +840,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384,
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
@@ -867,7 +867,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
@@ -887,7 +887,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384,
GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,
@@ -895,11 +895,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384,
GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK,
- GNUTLS_MAC_SHA384, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA384, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK,
@@ -931,12 +931,12 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256,
GNUTLS_CIPHER_CAMELLIA_256_CBC,
GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
GNUTLS_CIPHER_CAMELLIA_128_CBC,
@@ -950,11 +950,11 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
- GNUTLS_MAC_SHA256, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA256, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256,
GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,