[gnutls-help] Ciphersuite minimal version inconsistency?
mpg at polarssl.org
Tue Mar 11 11:16:15 CET 2014
On 02/28/2014 07:43 PM, Nikos Mavrogiannopoulos wrote:
> The RFCs you refer to don't mention SSL 3.0 at all, so my approach was
> to allow these algorithms for TLS 1.0 or later. Unfortunately openssl
> was negotiating these algorithms on SSL 3.0 as well, so I allowed some
> of them in SSL 3.0 as well. I asked the TLS WG at the time, and there
> was no real answer. Anyway maybe it makes sense to allow all the TLS 1.0
> ciphersuites in SSL 3.0 as well to prevent any incompatibilities.
I see you allowed these suites in SSL 3.0 in the latest release. I agree that
it's not clear if there is a real answer here, but thanks for you reaction anyway.
More information about the Gnutls-help