[gnutls-help] FIPS ciphers list is wrong
jonetsu
jonetsu at teksavvy.com
Wed Mar 11 18:27:46 CET 2015
> From: "Nikos Mavrogiannopoulos" <nmav at gnutls.org>
> Date: 03/11/15 11:27
> GNUTLS_FORCE_FIPS_MODE=1 ./gnutls-cli -l --priority NORMAL
> ./gnutls-cli -l --priority NORMAL
Thanks. In the resulting list many TLS1.0 are found:
(abridged list)
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256 TLS1.0
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 TLS1.0
TLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 TLS1.0
TLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 TLS1.0
TLS_ECDHE_RSA_AES_128_CBC_SHA256 TLS1.0
[...]
However, NIST Special Publication 800-52 Revision 1 specifies
that no TLS1.0 should be used.
Please see '3.1 Protocol Version Support' in:
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf
Regards.
More information about the Gnutls-help
mailing list