[gnutls-devel] GnuTLS | tls1-prf: mark use of non-EMS PRF non-approved in FIPS (!1752)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Jul 3 09:18:26 CEST 2023

Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/merge_requests/1752#note_1454471746

I had some off-line discussion on what would be the ideal behavior about extended master secret enforcement. There are 3 levels: (1) client doesn't send EMS extension, server doesn't accept EMS extension (= `%NO_SESSION_HASH`), (2) client sends EMS extension, server accepts EMS extension (= default), and (3) client sends EMS extension, server accepts EMS extension, both require that EMS be negotiated (= `%FORCE_SESSION_HASH`).

This looks analogous to the client auth option (1 = nothing, 2 = request, 3 = require), except that (2) is the default in non-FIPS mode, while we probably want (3) as the default in FIPS mode. In the latter case, we probably also want to provide a way to revert it back to (2), for interoperability.

I would propose:
- keep the current modifier keywords (`%NO_SESSION_HASH` and `%FORCE_SESSION_HASH`)
- add a new configuration option to select (2) or (3), e.g., `session-hash = request` and `session-hash = require`
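The three enforcement levels described in the comment, as an added example that is not part of the original message or of GnuTLS's own code: a small Python model of the client side that detects the extended_master_secret extension (type 0x0017, RFC 7627) in a ServerHello extensions block and then derives the master secret with either the legacy or the EMS form of the TLS 1.2 PRF. The level numbering, the function names and the handshake values are assumptions constructed for illustration.

```python
import hashlib
import hmac

EXT_EXTENDED_MASTER_SECRET = 0x0017  # extension type assigned by RFC 7627


def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_SHA256 expansion (RFC 5246, section 5)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()          # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_hash(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Legacy derivation: binds only the two 32-byte randoms (the non-EMS PRF use).
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


def extended_master_secret(pre_master: bytes, session_hash: bytes) -> bytes:
    # RFC 7627 derivation: binds the hash of the full handshake transcript.
    return tls12_prf(pre_master, b"extended master secret", session_hash, 48)


def server_hello_has_ems(extensions: bytes) -> bool:
    """Walk a ServerHello extensions block: 2-byte type, 2-byte length, data."""
    pos = 0
    while pos + 4 <= len(extensions):
        ext_type = int.from_bytes(extensions[pos:pos + 2], "big")
        ext_len = int.from_bytes(extensions[pos + 2:pos + 4], "big")
        if ext_type == EXT_EXTENDED_MASTER_SECRET and ext_len == 0:
            return True
        pos += 4 + ext_len
    return False


def client_decide(level: int, server_extensions: bytes, pre_master: bytes,
                  client_random: bytes, server_random: bytes, session_hash: bytes):
    """Level 1 = %NO_SESSION_HASH (client never offered EMS, ignore the server),
    2 = default (use EMS if the server agreed), 3 = %FORCE_SESSION_HASH
    (abort unless EMS was negotiated). Returns the master secret or None."""
    negotiated = level != 1 and server_hello_has_ems(server_extensions)
    if level == 3 and not negotiated:
        return None  # abort: the handshake would fall back to the non-EMS PRF
    if negotiated:
        return extended_master_secret(pre_master, session_hash)
    return master_secret(pre_master, client_random, server_random)
```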

