TLS_RSA_NULL_MD5

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Jul 26 12:11:40 CEST 2010


On Mon, Jul 26, 2010 at 2:57 AM, Nathan Redden <nredden at ccinet.us> wrote:
>
> I have been implementing a TLS 1.2 implementation using the GnuTLS library.  I have a requirement to be able to use no data encryption.  The cipher suite
> TLS_RSA_NULL_MD5 is listed in the supported cipher suites, but I cannot figure out how to force GnuTLS to only negotiate this.  I have tried all of the Common keywords and
> eliminated all ciphers and starting from NONE adding in the key exchange, compression, and MAC.  I have tried compatibility mode as well.

You must have been the first one using this ciphersuite. It never
seemed to work. To get it, apply the attached patch, and verify it
using the priority string
"NONE:+RSA:+MD5:+NULL:+VERS-TLS1.0:+COMP-NULL".

regards,
Nikos
-------------- next part --------------
diff -ur gnutls-2.11.0.orig/lib/gnutls_algorithms.c gnutls-2.11.0/lib/gnutls_algorithms.c
--- gnutls-2.11.0.orig/lib/gnutls_algorithms.c	2010-07-21 09:16:07.000000000 +0200
+++ gnutls-2.11.0/lib/gnutls_algorithms.c	2010-07-26 12:07:08.000000000 +0200
@@ -236,7 +236,7 @@
   {"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64},
   {"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0},	/* not used as MAC */
   {"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20},
-  {"NULL", NULL, GNUTLS_MAC_NULL, 0},
+  {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0},
   {0, 0, 0, 0}
 };
 
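Review bot: the renamed entry on the `+` line has no comment saying why GNUTLS_MAC_NULL alone gets a "MAC-" prefix while SHA512, MD2 and RIPEMD160 in the same table keep the bare algorithm name. If the intent is that `+NULL` in a priority string such as the one quoted in the message should name only the cipher and no longer also match this MAC entry, state that in a short comment next to the entry so the prefix is not "tidied" back later. The rename also changes the only name string visible here for GNUTLS_MAC_NULL, so anything that selects or prints this MAC by the name "NULL" will stop matching; the new "MAC-NULL" keyword should be mentioned in the priority-string documentation and the release notes, together with a reminder that the resulting suite carries no encryption and should only be reachable when asked for explicitly.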


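To confirm on the wire that the priority string in the message really negotiated the NULL-encryption suite, this added example (not part of the original message or of GnuTLS) reads the chosen suite out of a captured ServerHello record. The function names and the sample bytes are constructed for illustration, and it assumes the ServerHello is the first handshake message in a single unfragmented record.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Returns the 16-bit cipher suite selected in a TLS ServerHello record,
 * or -1 if the buffer is not a well-formed ServerHello. */
int server_hello_suite(const uint8_t *p, size_t n)
{
    /* record header (5) + handshake header (4) + server_version (2)
     * + random (32) + session_id length (1) = 44 bytes */
    if (n < 44 || p[0] != 0x16 || p[5] != 0x02)
        return -1;
    size_t rec_end = 5 + (((size_t)p[3] << 8) | p[4]);
    if (rec_end > n)
        return -1;                       /* record truncated in capture */
    size_t sid_len = p[43];
    size_t off = 44 + sid_len;           /* offset of cipher_suite */
    if (sid_len > 32 || off + 3 > rec_end)   /* suite (2) + compression (1) */
        return -1;
    return (p[off] << 8) | p[off + 1];
}

/* IANA values of the RSA key-exchange suites that use NULL encryption. */
int suite_is_rsa_null(int suite)
{
    return suite == 0x0001     /* TLS_RSA_WITH_NULL_MD5 */
        || suite == 0x0002     /* TLS_RSA_WITH_NULL_SHA */
        || suite == 0x003B;    /* TLS_RSA_WITH_NULL_SHA256 */
}

/* Constructed sample: TLS 1.0 ServerHello, all-zero random, empty
 * session id, suite 0x0001, null compression (47 bytes in total). */
static const uint8_t sample_hello[47] = {
    0x16, 0x03, 0x01, 0x00, 0x2A,        /* record: handshake, 42 bytes */
    0x02, 0x00, 0x00, 0x26,              /* ServerHello, 38 bytes */
    0x03, 0x01,                          /* server_version = TLS 1.0 */
    [45] = 0x01                          /* bytes 44..45 = 0x00 0x01 */
};

int main(void)
{
    int s = server_hello_suite(sample_hello, sizeof sample_hello);
    printf("suite 0x%04X, NULL encryption: %s\n",
           (unsigned)s, suite_is_rsa_null(s) ? "yes" : "no");
    return 0;
}
```

The same check works as a monitoring rule in the other direction: any ServerHello for which `suite_is_rsa_null` returns true is carrying application data unencrypted.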