[gnutls-devel] cipher suites

Stefan Bühler stbuehler at lighttpd.net
Fri Oct 25 12:56:25 CEST 2013


On Fri, 25 Oct 2013 09:53:02 +0200
Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:

> These two exist though.

Ah. I used the kx, cipher and mac (prf for AEAD mac) algorithm names to
generate the "official" TLS names. You configured these two to have
mac=SHA256 - which is why i couldn't find them. I guess they should use
mac=SHA384, right?

From some naming inconsistencies aside I think all other names match the
specified algorithms, although I didn't check whether the 16-bit id
matches the official listing.

The inconsistencies are:
* ARCFOUR is ARCFOUR_128 in ECDH* ciphers
* if the mac is SHA1 and the cipher not a SALSA20 one, PSK, DHE-PSK and
  RSA-PSK become *PSK-SHA

More information about the Gnutls-devel mailing list