error in TLS 1.2 implementation

Nikos Mavrogiannopoulos nmav at
Fri Nov 12 00:01:23 CET 2010

On 11/11/2010 08:52 PM, Nephi Allred wrote:
> I believe that there is an error in gnutls's implementation of TLS
> 1.2, specifically in the PRF.
> The spec (RFC 5246) section 5 (page 13) states that all cipher suites
> in TLS 1.2 use P_SHA256 as the PRF. However, gnutls uses P_hash where
> hash is the MAC hash algorithm for the cipher suite. So for example
> when the cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA then gnutls uses
> P_SHA1 as the PRF. This goes against the spec, or am I missing
> something?

Which version of gnutls do you use? TLS 1.2 is fully supported on 2.10.0
and later versions. What you say shouldn't occur in those versions.
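To make the point of the report concrete, here is the TLS 1.2 PRF from RFC 5246 section 5 written out, with a parameter that lets you reproduce the mis-derivation the reporter describes (selecting the PRF hash from the cipher suite's MAC hash, SHA-1 for TLS_RSA_WITH_AES_128_CBC_SHA) next to the spec-conforming P_SHA256. This is an added example, not gnutls code and not anything from the thread; the `hash_name` parameter, the function names and the sample pre-master secret and randoms are all constructed for illustration. One caveat the spec wording hides: RFC 5246 says all cipher suites defined in that document use P_SHA256, but later suite definitions (for instance the SHA-384 AES-GCM suites of RFC 5288) name their own PRF hash, so the correct rule is "the hash the cipher suite's defining RFC assigns to the PRF", never "the MAC hash".

```python
import hashlib
import hmac


def p_hash(hash_name, secret, seed, length):
    """RFC 5246 section 5 data-expansion function P_hash.

    A(0) = seed, A(i) = HMAC_hash(secret, A(i-1))
    P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
                           HMAC_hash(secret, A(2) + seed) + ...
    iterated until `length` bytes are available, then truncated.
    """
    out = b""
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC_hash(secret, A(i) + seed)
    return out[:length]


def prf(secret, label, seed, length, hash_name="sha256"):
    """PRF(secret, label, seed) = P_hash(secret, label + seed).

    For TLS 1.2 the hash is fixed per cipher suite by the suite's defining
    RFC (SHA-256 for every suite in RFC 5246 itself); it is not the MAC
    hash. The hash_name parameter is an illustration-only knob so the
    incorrect MAC-derived choice can be computed for comparison.
    """
    return p_hash(hash_name, secret, label + seed, length)


def master_secret(pre_master_secret, client_random, server_random, hash_name="sha256"):
    """RFC 5246 section 8.1: the 48-byte master secret is
    PRF(pre_master_secret, "master secret",
        ClientHello.random + ServerHello.random)."""
    return prf(pre_master_secret, b"master secret",
               client_random + server_random, 48, hash_name)


# Constructed sample values (not from a real handshake).
SAMPLE_PMS = bytes(range(48))
SAMPLE_CLIENT_RANDOM = b"\x11" * 32
SAMPLE_SERVER_RANDOM = b"\x22" * 32


def demonstrate_mismatch():
    """Return (spec-conforming, MAC-hash-derived) master secrets for the
    sample inputs. For a *_SHA suite the second uses P_SHA1, which is what
    the report describes; a conforming peer computes the first, so the two
    sides would disagree on every key derived from it and the Finished
    message verification would fail."""
    correct = master_secret(SAMPLE_PMS, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM)
    wrong = master_secret(SAMPLE_PMS, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM, "sha1")
    return correct, wrong


if __name__ == "__main__":
    correct, wrong = demonstrate_mismatch()
    print("P_SHA256 master secret:", correct.hex())
    print("P_SHA1   master secret:", wrong.hex())
    print("equal:", correct == wrong)
```

Running it prints two different 48-byte values; the only thing that changed between them is the hash inside HMAC, which is exactly the divergence the reporter is asking about.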

