Hi, sorry for reviving an old discussion.
On 11/03/2014 13:02, Nikos Mavrogiannopoulos wrote: > Actually I was wrong in allowing them. SSL 3.0 uses a special MAC > construction that isn't defined for SHA256 or better, and there is no > authority to extend that definition. I'll revert that choice on the > next bug fix release. > I'm afraid you forgot to change back the minimum version to TLS 1.0 for some ciphersuites using SHA-2 : % gnutls-cli --version | head -n 1 gnutls-cli 3.3.5 % gnutls-cli --priority EXPORT:+NULL:+MD5:+PSK:+DHE-PSK:+ECDHE-PSK:+RSA-PSK --list | grep 'SHA[23].*SSL3' TLS_RSA_NULL_SHA256 0x00, 0x3b SSL3.0 TLS_DHE_DSS_CAMELLIA_256_CBC_SHA256 0x00, 0xc3 SSL3.0 TLS_PSK_NULL_SHA256 0x00, 0xb0 SSL3.0 TLS_PSK_NULL_SHA384 0x00, 0xb1 SSL3.0 TLS_DHE_PSK_NULL_SHA256 0x00, 0xb4 SSL3.0 TLS_DHE_PSK_NULL_SHA384 0x00, 0xb5 SSL3.0 TLS_ECDHE_PSK_NULL_SHA256 0xc0, 0x3a SSL3.0 TLS_ECDHE_PSK_NULL_SHA384 0xc0, 0x3b SSL3.0 TLS_RSA_PSK_NULL_SHA256 0x00, 0xb8 SSL3.0 TLS_RSA_PSK_NULL_SHA384 0x00, 0xb9 SSL3.0 (I'm not claiming the above list is complete.) Regards, Manuel. _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
