> From: "Nikos Mavrogiannopoulos" <n...@gnutls.org> > Date: 03/11/15 11:27
> GNUTLS_FORCE_FIPS_MODE=1 ./gnutls-cli -l --priority NORMAL > ./gnutls-cli -l --priority NORMAL Thanks. In the resulting list many TLS1.0 are found: (abridged list) TLS_ECDHE_ECDSA_AES_128_CBC_SHA256 TLS1.0 TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 TLS1.0 TLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 TLS1.0 TLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 TLS1.0 TLS_ECDHE_RSA_AES_128_CBC_SHA256 TLS1.0 [...] However, NIST Special Publication 800-52 Revision 1 specifies that no TLS1.0 should be used. Please see '3.1 Protocol Version Support' in: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf Regards. _______________________________________________ Gnutls-help mailing list Gnutls-help@lists.gnutls.org http://lists.gnupg.org/mailman/listinfo/gnutls-help