[gnutls-devel] cipher suites

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Oct 25 14:22:27 CEST 2013


On 10/25/2013 12:56 PM, Stefan Bühler wrote:

>>> TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
>>> TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
>> These two exist though. 
> Ah. I used the kx, cipher and mac (prf for AEAD mac) algorithm names to
> generate the "official" TLS names. You configured these two to have
> mac=SHA256 - which is why i couldn't find them. I guess they should use
> mac=SHA384, right?

Ouch. I tried to verify each and every one but it seems I missed those.
I've now fixed them.

> From some naming inconsistencies aside I think all other names match the
> specified algorithms, although I didn't check whether the 16-bit id
> matches the official listing.

> The inconsistencies are:
> * ARCFOUR is ARCFOUR_128 in ECDH* ciphers
> * if the mac is SHA1 and the cipher not a SALSA20 one, PSK, DHE-PSK and
>   RSA-PSK become *PSK-SHA

This should be fixed by now.

regards,
Nikos




More information about the Gnutls-devel mailing list