[gnutls-help] Ciphersuite minimal version inconsistency?

Manuel Pégourié-Gonnard mpg at polarssl.org
Fri Feb 28 16:38:11 CET 2014


% gnutls-cli --version | head -n1
gnutls-cli 3.2.11
% gnutls-cli --list | grep DHE_PSK_ARC
TLS_ECDHE_PSK_ARCFOUR_128_SHA1                    	0xc0, 0x33	SSL3.0
TLS_DHE_PSK_ARCFOUR_128_SHA1                      	0x00, 0x8e	TLS1.0

I have trouble getting why the DHE_PSK suite would require TLS 1.0 while the
ECDHE_PSK one would work with SSL 3.0. AFAICS, neither RFC 4279 nor 5489, which
define these suites, say anything about a minimum version for them.

Am I missing something?


More information about the Gnutls-help mailing list