authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-07-22 13:30:33 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2014-07-22 13:30:33 +0200
commit74d967c0361153c55a98f9165c87f9f8d3ad480b (patch)
tree8e8c006d49333a887b35386f6fdb40a4f0d458ad /lib/algorithms/ciphersuites.c
parent8913a5230ca168b395afb183096355f709c2795e (diff)
RSA-PSK ciphersuites are only allowed in TLS 1.0.
That is because they implement the EncryptedPreMasterSecret encoding according to RFC 4279, which uses the TLS 1.0 (RFC 2246) encoding, and there can be ambiguities when using that over SSL 3.0. See: http://lists.gnupg.org/pipermail/gnutls-help/2014-July/003546.html
Diffstat (limited to 'lib/algorithms/ciphersuites.c')
-rw-r--r--lib/algorithms/ciphersuites.c10
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c
index 85be7b7da9..75608e9925 100644
--- a/lib/algorithms/ciphersuites.c
+++ b/lib/algorithms/ciphersuites.c
@@ -786,19 +786,19 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
/* RSA-PSK */
ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1,
GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_VERSION_UNKNOWN),
ENTRY(GNUTLS_RSA_PSK_3DES_EDE_CBC_SHA1,
GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA1,
GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_PSK_AES_256_CBC_SHA1,
GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_GCM_SHA256,
GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_RSA_PSK,
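Review bot: The reason these entries now start at GNUTLS_TLS1 is recorded only in the commit message, so the table itself gives a later maintainer no hint that restoring GNUTLS_SSL3 would be wrong. I would extend the section comment at the top of this hunk to something like `/* RSA-PSK: min version is TLS 1.0; RFC 4279 uses the RFC 2246 EncryptedPreMasterSecret encoding, which is ambiguous over SSL 3.0 */`. The same applies to the GNUTLS_RSA_PSK_NULL_SHA1 entry in the second hunk. The cs_algorithms[] initializer starts and ends outside the hunk.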
@@ -820,7 +820,7 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_PSK_NULL_SHA1,
GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
- GNUTLS_MAC_SHA1, GNUTLS_SSL3,
+ GNUTLS_MAC_SHA1, GNUTLS_TLS1,
GNUTLS_DTLS_VERSION_MIN),
ENTRY(GNUTLS_RSA_PSK_NULL_SHA256,
GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
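Review bot: The minimum-version field of GNUTLS_RSA_PSK_NULL_SHA256, and of the RSA-PSK entries that sit between the two hunks, is not visible here, so it is worth confirming that none of them still lists GNUTLS_SSL3. The encoding argument in the commit message concerns the RSA-PSK key exchange itself, not a particular cipher or MAC, so every GNUTLS_KX_RSA_PSK row should carry at least GNUTLS_TLS1. If the remaining rows already require a later version, nothing more is needed. The NULL_SHA256 entry and the table continue past the end of the hunk.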