[gnutls-help] Is AES GCM only in TLS1.2 ?

jonetsu at teksavvy.com jonetsu at teksavvy.com
Thu May 28 02:28:58 CEST 2015


On Wed, 27 May 2015 18:37:32 -0400
Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:

Thanks for your reply.

> > % gnutls-cli -l --priority NORMAL | grep 1.2

> It appears you've trimmed the right-hand side of this transcript,
> where TLS1.2 actually appears.

Yes.  The '1.2' has to be there though, in order for the grep expression
to evaluate correctly and produce output.

> > Only GCM variation of AES.  Why is GCM the only available AES
> > variation in TLS1.2 ?

> I think this line says that the TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
> ciphersuite is only available for TLS 1.2 and higher (because that is
> when it was introduced).

Yes.  The concern though is not only about FIPS, but also about the
recent NDcPP 1.0 in which nothing but TLS 1.2 is accepted.  So I will
have to modify somewhat the code so that it can recognize when to limit
itself to TLS 1.2 and when to offer other versions.  Depending on the
operating environment.

That is the background.  The question actually is about AES and which
variations are available when only TLS 1.2 is available.

Seemingly that would be only the GCM variation, would it ?
 
Regards.
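
An added example, not part of the original message and not GnuTLS code: it reads the right-hand column of the listing as the minimum protocol version, as the quoted reply describes, and lists the AES suites a session limited to one version can still negotiate. The sample listing is constructed in the `gnutls-cli -l` layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the layout of `gnutls-cli -l` output: suite name,
# two-byte suite id, minimum protocol version. Not captured from a real run.
sample_listing() {
cat <<'EOF'
Cipher suites for NORMAL
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256   0xc0, 0x2b   TLS1.2
TLS_ECDHE_ECDSA_AES_128_CBC_SHA1     0xc0, 0x09   SSL3.0
TLS_RSA_AES_128_GCM_SHA256           0x00, 0x9c   TLS1.2
TLS_RSA_AES_128_CBC_SHA1             0x00, 0x2f   SSL3.0
TLS_RSA_AES_256_CBC_SHA1             0x00, 0x35   SSL3.0
TLS_RSA_3DES_EDE_CBC_SHA1            0x00, 0x0a   SSL3.0
EOF
}

# Hypothetical helper: print the AES suites on stdin that a session limited to
# protocol version $1 can negotiate, i.e. those whose minimum version is <= $1.
aes_suites_for_version() {
    awk -v want="$1" '
    function rank(v) {
        if (v == "SSL3.0") return 0
        if (v == "TLS1.0") return 1
        if (v == "TLS1.1") return 2
        if (v == "TLS1.2") return 3
        return -1            # unknown label: never matches
    }
    $1 ~ /^TLS_/ && $1 ~ /_AES_/ {
        r = rank($NF)
        if (r >= 0 && r <= rank(want)) print $1, "(since " $NF ")"
    }'
}

# What the grep in the thread shows: only rows whose last column is TLS1.2.
grep_view() {
    grep 'TLS1\.2$' | awk '$1 ~ /_AES_/ { print $1 }'
}

echo "AES rows matched by grep on TLS1.2:"
sample_listing | grep_view
echo "AES suites usable when only TLS1.2 is offered:"
sample_listing | aes_suites_for_version TLS1.2
```

On the constructed sample the grep view returns only the two GCM rows, while the version-aware filter also returns the three AES CBC suites that were introduced earlier.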


