TLS 1.2 server
Simon Josefsson
simon at josefsson.org
Wed Sep 30 07:50:35 CEST 2009
Daiki Ueno <ueno at unixuser.org> writes:
> Hello,
>
> I've just pushed the TLS 1.2 server fix. While it was done in the same way
> as I did for the client, I'd appreciate it if someone would take a look at the
> changes:
>
> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=e0b1124f72e3d5210000b3f677b401d8b2654ea4
> http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=4b48a9e8e28bbd468b48ed5cb95ba0cce7508be6
>
> The latter change is not essential by now, but it will be needed when we
> use a hash algorithm other than SHA1 to compute a signature of the DH
> params.
>
> Anyway, TLS 1.2 server works again. I tried it with Opera 10 and the
> test output from GnuTLS says:
Great, thank you! The patch seems fine to me.
What do you think we should do about the CertificateRequest
supported_signature_algorithms field? I think the application may want
to look at the server preference when deciding which certificate to use,
and GnuTLS may want to use this information internally too, when it is
selecting the certificate.
/Simon
> Server Name: localhost
> Ephemeral DH using prime of 1024 bits.
>
> Protocol version: TLS1.2
> Certificate Type: X.509
> Key Exchange: DHE-RSA
> Compression NULL
> Cipher AES-256-CBC
> MAC SHA256
> Ciphersuite DHE_RSA_AES_256_CBC_SHA256
>
> Regards,
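As an added illustration of the CertificateRequest field Simon asks about (this is example code written for this page, not code from the thread or from GnuTLS): a parser for the TLS 1.2 CertificateRequest body as laid out in RFC 5246 section 7.4.4, followed by a certificate-selection helper that walks the server's supported_signature_algorithms list in the server's order of preference, which is the "look at the server preference when deciding which certificate to use" behaviour discussed above. The sample message bytes, the certificate records and the function names are constructed for the example; the placeholder distinguished name is not a real DER name.

```python
import struct

# RFC 5246 section 7.4.1.4.1 code points for SignatureAndHashAlgorithm.
HASH_NAMES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224",
              4: "sha256", 5: "sha384", 6: "sha512"}
SIG_NAMES = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}

# RFC 5246 section 7.4.4 ClientCertificateType values, keyed by key type.
CERT_TYPE_FOR_KEY = {"rsa": 1, "dsa": 2, "ecdsa": 64}


def parse_certificate_request(body):
    """Parse the body of a TLS 1.2 CertificateRequest handshake message
    (everything after the 4-byte handshake header). Returns
    (certificate_types, supported_signature_algorithms, certificate_authorities),
    where supported_signature_algorithms is an ordered list of (hash, sig)
    names in the server's stated order of preference. Raises ValueError on
    truncated or malformed input rather than reading past the buffer."""
    pos = 0
    # certificate_types<1..2^8-1>: one length byte, then the types.
    n = body[pos]
    pos += 1
    cert_types = list(body[pos:pos + n])
    pos += n
    if n == 0 or len(cert_types) != n:
        raise ValueError("bad certificate_types vector")

    # supported_signature_algorithms<2..2^16-2>: 2-byte length, 2-byte pairs.
    (n,) = struct.unpack_from("!H", body, pos)
    pos += 2
    raw = body[pos:pos + n]
    pos += n
    if n % 2 or n < 2 or len(raw) != n:
        raise ValueError("bad supported_signature_algorithms vector")
    sig_algs = [(HASH_NAMES.get(raw[i], "unknown(%d)" % raw[i]),
                 SIG_NAMES.get(raw[i + 1], "unknown(%d)" % raw[i + 1]))
                for i in range(0, n, 2)]

    # certificate_authorities<0..2^16-1>: a 2-byte length, then a sequence of
    # length-prefixed DistinguishedName blobs (kept as opaque bytes here).
    (n,) = struct.unpack_from("!H", body, pos)
    pos += 2
    end = pos + n
    if end > len(body):
        raise ValueError("truncated certificate_authorities vector")
    cas = []
    while pos < end:
        (dn_len,) = struct.unpack_from("!H", body, pos)
        pos += 2
        if pos + dn_len > end:
            raise ValueError("DistinguishedName runs past vector end")
        cas.append(body[pos:pos + dn_len])
        pos += dn_len
    if pos != len(body):
        raise ValueError("trailing bytes after CertificateRequest")
    return cert_types, sig_algs, cas


def choose_certificate(parsed_request, client_certs):
    """Pick the client certificate that satisfies the server's most preferred
    SignatureAndHashAlgorithm. A certificate is usable only if its key type is
    also listed in certificate_types and its key can sign with that hash.
    Returns (cert_name, (hash, sig)) or None if nothing is acceptable."""
    cert_types, sig_algs, _ = parsed_request
    for hash_name, sig_name in sig_algs:        # server preference order
        for cert in client_certs:
            if cert["key_type"] != sig_name:
                continue
            if CERT_TYPE_FOR_KEY.get(sig_name) not in cert_types:
                continue
            if hash_name not in cert["hashes"]:
                continue
            return cert["name"], (hash_name, sig_name)
    return None


# Constructed sample CertificateRequest body (not a captured message).
SAMPLE_CERTIFICATE_REQUEST = (
    b"\x02\x01\x02"                        # certificate_types: rsa_sign, dss_sign
    b"\x00\x06\x04\x01\x02\x01\x04\x03"    # sha256/rsa, sha1/rsa, sha256/ecdsa
    b"\x00\x06\x00\x04\x30\x02\x05\x00"    # one 4-byte placeholder DN
)

# Constructed client certificate records: which key type each has and which
# hashes its signing routine supports.
MODERN_CLIENT = [{"name": "rsa-client", "key_type": "rsa", "hashes": {"sha256", "sha1"}},
                 {"name": "ec-client", "key_type": "ecdsa", "hashes": {"sha256"}}]
LEGACY_CLIENT = [{"name": "rsa-legacy", "key_type": "rsa", "hashes": {"sha1"}}]
ECDSA_ONLY = [{"name": "ec-client", "key_type": "ecdsa", "hashes": {"sha256"}}]

if __name__ == "__main__":
    req = parse_certificate_request(SAMPLE_CERTIFICATE_REQUEST)
    print("server prefers:", req[1])
    print("modern client picks:", choose_certificate(req, MODERN_CLIENT))
    print("legacy client picks:", choose_certificate(req, LEGACY_CLIENT))
    print("ecdsa-only client picks:", choose_certificate(req, ECDSA_ONLY))
```

Two points the selection loop makes explicit: the outer loop runs over the server's list, so the server's ordering wins when the client could satisfy several entries, and an algorithm pair the server lists is still unusable when the matching ClientCertificateType is absent (the constructed request lists sha256/ecdsa but not ecdsa_sign, so the ECDSA-only client gets nothing). A library that exposes the parsed list to the application, as Simon suggests, lets the application apply its own policy on top of the same two checks.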