error in TLS 1.2 implementation

Nephi Allred nephi.allred at
Thu Nov 11 20:52:46 CET 2010

I believe that there is an error in gnutls's implementation of TLS
1.2, specifically in the PRF.
The spec (RFC 5246) section 5 (page 13) states that all cipher suites
in TLS 1.2 use P_SHA256 as the PRF. However, gnutls uses P_hash where
hash is the MAC hash algorithm for the cipher suite. So for example
when the cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA then gnutls uses
P_SHA1 as the PRF. This goes against the spec, or am I missing

More information about the Gnutls-devel mailing list