[gnutls-help] Ciphersuite minimal version inconsistency?

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Mar 11 13:02:48 CET 2014

On Tue, Mar 11, 2014 at 11:16 AM, Manuel Pégourié-Gonnard
<mpg at polarssl.org> wrote:
>>  The RFCs you refer to don't mention SSL 3.0 at all, so my approach was
>> to allow these algorithms for TLS 1.0 or later. Unfortunately openssl
>> was negotiating these algorithms on SSL 3.0 as well, so I allowed some
>> of them in SSL 3.0 as well. I asked the TLS WG at the time, and there
>> was no real answer. Anyway maybe it makes sense to allow all the TLS 1.0
>> ciphersuites in SSL 3.0 as well to prevent any incompatibilities.
> I see you allowed these suites in SSL 3.0 in the latest release. I agree that
> it's not clear if there is a real answer here, but thanks for your reaction anyway.

 Actually I was wrong in allowing them. SSL 3.0 uses a special MAC
construction that isn't defined for SHA256 or better, and there is no
authority to extend that definition. I'll revert that choice on the
next bug fix release.
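
The MAC difference described in the message above, as an added example that is not part of the original post and is not GnuTLS code. It assumes the SSL 3.0 MAC as specified in RFC 6101, whose pad lengths exist only for MD5 and SHA-1; the function names and the sample key and record are constructed for illustration.

```python
import hashlib
import hmac
import struct

# SSL 3.0 (RFC 6101) defines pad_1 = 0x36 and pad_2 = 0x5c repeated
# 48 times for MD5 and 40 times for SHA-1. No pad length is specified
# for any other hash, so the construction stops here.
SSL3_PAD_LEN = {"md5": 48, "sha1": 40}


def ssl3_mac(hash_name, secret, seq_num, content_type, fragment):
    """SSL 3.0 record MAC: hash(secret + pad_2 + hash(secret + pad_1 + hdr + data))."""
    if hash_name not in SSL3_PAD_LEN:
        raise ValueError(f"SSL 3.0 MAC is not defined for {hash_name}")
    n = SSL3_PAD_LEN[hash_name]
    # The SSL 3.0 MAC header is seq_num(8) | type(1) | length(2), with no version.
    header = struct.pack(">QBH", seq_num, content_type, len(fragment))
    inner = hashlib.new(hash_name, secret + b"\x36" * n + header + fragment).digest()
    return hashlib.new(hash_name, secret + b"\x5c" * n + inner).digest()


def tls_mac(hash_name, secret, seq_num, content_type, version, fragment):
    """TLS 1.0+ record MAC: HMAC over seq_num | type | version | length | data."""
    header = struct.pack(">QB2sH", seq_num, content_type, bytes(version), len(fragment))
    # HMAC derives its padding from the hash's block size, so it is defined
    # for any hash, including SHA-256.
    return hmac.new(secret, header + fragment, hash_name).digest()


if __name__ == "__main__":
    key = b"\x0b" * 20          # constructed sample MAC secret
    record = b"constructed application data"
    print("SSL 3.0 SHA-1  :", ssl3_mac("sha1", key, 0, 23, record).hex())
    print("TLS 1.0 SHA-1  :", tls_mac("sha1", key, 0, 23, (3, 1), record).hex())
    print("TLS 1.2 SHA-256:", tls_mac("sha256", key, 0, 23, (3, 3), record).hex())
    try:
        ssl3_mac("sha256", key, 0, 23, record)
    except ValueError as exc:
        print("SSL 3.0 SHA-256:", exc)
```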

