[gnutls-devel] GnuTLS | HMAC-SHA256 missing from NORMAL (#831)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Sep 11 10:39:30 CEST 2019
Nikos Mavrogiannopoulos commented:


The rationale for the removal is:
```
These ciphersuites are deprecated since the introduction of AEAD
ciphersuites, and are only necessary for compatibility with older
servers. Since older servers already support hmac-sha1 there is
no reason to keep these ciphersuites enabled by default, as they
increase our attack surface.
```

The longer version is that these ciphersuites are harder to secure in terms of Lucky13-type attacks, and thus significantly increase the attack surface. Their security is no better than HMAC-SHA1 (SHA1 is a weak signature algorithm but still a very strong HMAC algorithm), thus there is no reason to enable them. Would it be reasonable for software which really needs to connect to Windows RDP servers to enable these algorithms explicitly?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/831#note_215339646
You're receiving this email because of your account on gitlab.com.

