On Wed, 27 May 2015 18:37:32 -0400 Daniel Kahn Gillmor <[email protected]> wrote:
Thanks for your reply.

> > % gnutls-cli -l --priority NORMAL | grep 1.2

> It appears you've trimmed the right-hand side of this transcript,
> where TLS1.2 actually appears.

Yes. The '1.2' has to be there though, in order for the grep expression to evaluate correctly and produce output.

> > Only GCM variation of AES. Why is GCM the only available AES
> > variation in TLS1.2?

> I think this line says that the TLS_ECDHE_ECDSA_AES_128_GCM_SHA256
> ciphersuite is only available for TLS 1.2 and higher (because that is
> when it was introduced).

Yes. The concern though is not only about FIPS, but also about the recent NDcPP 1.0, in which nothing but TLS 1.2 is accepted. So I will have to modify the code somewhat so that it can recognize when to limit itself to TLS 1.2 and when to offer other versions, depending on the operating environment.

That is the background. The question actually is about AES and which variations are available when only TLS 1.2 is available. Seemingly that would be only the GCM variation, would it?

Regards.
