[gnutls-help] Is AES GCM only in TLS1.2 ?
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu May 28 00:37:32 CEST 2015
On Wed 2015-05-27 16:35:52 -0400, jonetsu wrote:
> The output of the cipher listing, in FIPS mode, filtered for TLS1.2, gives:
> % gnutls-cli -l --priority NORMAL | grep 1.2
It appears you've trimmed the right-hand side of this transcript, where
TLS1.2 actually appears.
> Only GCM variation of AES. Why is GCM the only available AES variation in TLS1.2 ?
I think you're misunderstanding the output of gnutls-cli -l, which looks
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 0xc0, 0x2b TLS1.2
I think this line says that the TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
ciphersuite is only available for TLS 1.2 and higher (because that is
when it when it was introduced).
You'll note that no ciphersuites are listed with a "TLS1.1" label,
despite the fact that GnuTLS will connect to a peer that only handles
Similarly, there are ciphersuites marked with SSL3.0, despite the fact
that GnuTLS does not support SSLv3 any longer (SSLv3 is old and
known-broken). These ciphersuites are listed that way because that's
the protocol version in which they were introduced.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 948 bytes
Desc: not available
More information about the Gnutls-help