gnutls-3.0.9, PSK and SECURE256

Nikos Mavrogiannopoulos nmav at
Sun Dec 18 19:25:08 CET 2011

On 12/17/2011 09:36 PM, Michael Weiser wrote:

> Hello list, Hi Nikos, my home-grown stunnel-lookalike uses gnutls
> and PSK. I run it with the following ciphersuite priority
> specification: SECURE256:+ECDHE-PSK:+DHE-PSK:+PSK. After upgrading to
> gnutls-3.0.9 it no longer works. This seems to be due to the fact
> that PSK ciphersuites use AES128 at most. Up until 3.0.9 they used to
> belong to SECURE256 but now got removed. So in order to be able to
> use PSK I have to switch to SECURE128.

> I don't want to debate the reason for removing AES128 from SECURE256.
> Obviously the security level with SECURE128 is just as high (or low)
> as before. Rather I wonder, why PSK isn't used in conjunction with
> AES256?

There is very little point to use SECURE256. This is really an insane
security level that has to be supported by public keys of equivalent
level (e.g. for DHE in your case) that are of a size that probably 
would make the handshake extremely slow.

However, for the situation you describe the issue isn't AES-256 but the 
fact that the PSK ciphersuites (in rfc4279) are defined using SHA-1, which 
isn't available any more in the 256-bit security level.


More information about the Gnutls-help mailing list