TLS 1.2 server

Daiki Ueno ueno at unixuser.org
Wed Sep 30 03:53:45 CEST 2009


Hello,

I've just pushed TLS 1.2 server fix.  While it was done in the same way
as I did for client, I'd appreciate if someone will take a look at the
changes:

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=e0b1124f72e3d5210000b3f677b401d8b2654ea4
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=4b48a9e8e28bbd468b48ed5cb95ba0cce7508be6

The latter change is not essential by now but it will be needed when we
will use a hash algorithm other than SHA1 to compute a signature of DH
params.

Anyway, TLS 1.2 server works again.  I tried it with Opera 10 and the
test output from GnuTLS says:

 Server Name: localhost
 Ephemeral DH using prime of 1024 bits.

 Protocol version:	TLS1.2
 Certificate Type:	X.509
 Key Exchange:	DHE-RSA
 Compression	NULL
 Cipher	AES-256-CBC
 MAC	SHA256
 Ciphersuite	DHE_RSA_AES_256_CBC_SHA256

Regards,
-- 
Daiki Ueno





More information about the Gnutls-devel mailing list