[gnutls-help] Ciphersuite minimal version inconsistency?

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Jul 22 13:05:34 CEST 2014


On Mon, Jul 21, 2014 at 6:08 PM, Manuel Pégourié-Gonnard
<mpg at polarssl.org> wrote:
> Hi,
> sorry for reviving an old discussion.
> On 11/03/2014 13:02, Nikos Mavrogiannopoulos wrote:
>>  Actually I was wrong in allowing them. SSL 3.0 uses a special MAC
>> construction that isn't defined for SHA256 or better, and there is no
>> authority to extend that definition. I'll revert that choice on the
>> next bug fix release.
> I'm afraid you forgot to change back the minimum version to TLS 1.0 for some
> ciphersuites using SHA-2 :

Thank you for reporting that. That should have now been corrected in master.

regards,
Nikos



More information about the Gnutls-help mailing list