[gnutls-devel] cipher suites
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri Oct 25 14:22:27 CEST 2013
On 10/25/2013 12:56 PM, Stefan Bühler wrote:
>>> TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
>>> TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
>> These two exist though.
> Ah. I used the kx, cipher and mac (prf for AEAD mac) algorithm names to
> generate the "official" TLS names. You configured these two to have
> mac=SHA256 - which is why i couldn't find them. I guess they should use
> mac=SHA384, right?
Ouch. I tried to verify each and every one but it seems I missed those.
I've now fixed them.
> From some naming inconsistencies aside I think all other names match the
> specified algorithms, although I didn't check whether the 16-bit id
> matches the official listing.
> The inconsistencies are:
> * ARCFOUR is ARCFOUR_128 in ECDH* ciphers
> * if the mac is SHA1 and the cipher not a SALSA20 one, PSK, DHE-PSK and
> RSA-PSK become *PSK-SHA
This should be fixed by now.
regards,
Nikos
More information about the Gnutls-devel
mailing list