On Mon, Jul 26, 2010 at 2:57 AM, Nathan Redden <[email protected]> wrote:
>
> I have been implementing a TLS 1.2 implementation using the GnuTLS library.
> I have a requirement to be able to use no data encryption. The cipher suite
> TLS_RSA_NULL_MD5 is listed in the supported cipher suites, but I cannot
> figure out how to force GnuTLS to only negotiate this. I have tried all of
> the Common keywords and eliminated all ciphers and starting from NONE
> adding in the key exchange, compression, and MAC. I have tried
> compatibility mode as well.

You must have been the first one using this ciphersuite. It never
seemed to work. To get it, apply the attached patch, and verify it
using the priority string
"NONE:+RSA:+MD5:+NULL:+VERS-TLS1.0:+COMP-NULL".

regards,
Nikos

diff -ur gnutls-2.11.0.orig/lib/gnutls_algorithms.c
gnutls-2.11.0/lib/gnutls_algorithms.c
--- gnutls-2.11.0.orig/lib/gnutls_algorithms.c 2010-07-21 09:16:07.000000000
+0200
+++ gnutls-2.11.0/lib/gnutls_algorithms.c 2010-07-26 12:07:08.000000000
+0200
@@ -236,7 +236,7 @@
{"SHA512", HASH_OID_SHA512, GNUTLS_MAC_SHA512, 64},
{"MD2", HASH_OID_MD2, GNUTLS_MAC_MD2, 0}, /* not used as MAC */
{"RIPEMD160", HASH_OID_RMD160, GNUTLS_MAC_RMD160, 20},
- {"NULL", NULL, GNUTLS_MAC_NULL, 0},
+ {"MAC-NULL", NULL, GNUTLS_MAC_NULL, 0},
{0, 0, 0, 0}
};
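
Review bot: The renamed GNUTLS_MAC_NULL entry (from "NULL" to "MAC-NULL") carries no comment saying why the name changed, and any caller that looked this MAC up by the string "NULL" will no longer find it. If the intent is that "+NULL" in a priority string should stop resolving to this MAC entry and reach the NULL cipher instead, as the suggested test string implies, say so in a short comment on the line and record the rename in the changelog, since the string is visible to users. "MAC-NULL" also becomes the only prefixed name in a table of bare algorithm names, so it is worth confirming that whatever prints these names is fine with that.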