On 12/17/2011 09:36 PM, Michael Weiser wrote: > Hello list, Hi Nikos, my home-grown stunnel-lookalike uses gnutls > and PSK. I run it with the following ciphersuite priority > specification: SECURE256:+ECDHE-PSK:+DHE-PSK:+PSK. After upgrading to > gnutls-3.0.9 it no longer works. This seems to be due to the fact > that PSK ciphersuites use AES128 at most. Up until 3.0.9 they used to > belong to SECURE256 but now got removed. So in order to be able to > use PSK I have to switch to SECURE128.
> I don't want to debate the reason for removing AES128 from SECURE256. > Obviously the security level with SECURE128 is just as high (or low) > as before. Rather I wonder, why PSK isn't used in conjunction with > AES256? There is very little point to use SECURE256. This is really an insane security level that has to be supported by public keys of equivalent level (e.g. for DHE in your case) that are of a size that probably would make the handshake extremely slow. However, for the situation you describe the issue isn't AES-256 but the fact that the PSK ciphersuites (in rfc4279) are defined using SHA-1, which isn't available any more in the 256-bit security level. regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
