[gnutls-help] FIPS ciphers list is wrong

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Mar 12 07:19:47 CET 2015


On Wed, 2015-03-11 at 13:27 -0400, jonetsu wrote:
> > From: "Nikos Mavrogiannopoulos" <nmav at gnutls.org> 
> > Date: 03/11/15 11:27 
> > GNUTLS_FORCE_FIPS_MODE=1 ./gnutls-cli -l --priority NORMAL
> > ./gnutls-cli -l --priority NORMAL
> Thanks.  In the resulting list many TLS1.0 are found:
> 
> (abridged list)
> 
>  TLS_ECDHE_ECDSA_AES_128_CBC_SHA256       TLS1.0
>  TLS_ECDHE_ECDSA_AES_256_CBC_SHA384       TLS1.0
>  TLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256  TLS1.0
>  TLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384  TLS1.0
>  TLS_ECDHE_RSA_AES_128_CBC_SHA256         TLS1.0
>  [...]
> However, NIST Special Publication 800-52 Revision 1 specifies
> that no TLS1.0 should be used.
> Please see '3.1 Protocol Version Support' in:
> http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf

That's correct, but I don't think that SP800-52 is a requirement in
FIPS140-2. Do you have such a reference?

regards,
Nikos





