Re: GnuTLS 2.8.6 vs RFC 4346 stringent EXPORT cipher suites condition

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GnuTLS 2.8.6 vs RFC 4346 stringent EXPORT cipher suites condition

From:	Nikos Mavrogiannopoulos
Subject:	Re: GnuTLS 2.8.6 vs RFC 4346 stringent EXPORT cipher suites condition
Date:	Sat, 20 Mar 2010 12:23:25 +0100
User-agent:	Thunderbird 2.0.0.24 (X11/20100317)

Adrian F. Dimcev wrote:
> http://www3.tools.ietf.org/html/rfc4346
> 
> Section A5:
> A series of cipher suites were designed to operate at reduced key
> lengths in order to comply with those regulations.  Due to advances in
> computer performance, these algorithms are now unacceptably weak, and
> export restrictions have since been loosened. TLS 1.1 implementations
> MUST NOT negotiate these cipher suites in TLS 1.1 mode. However, for
> backward compatibility they may be offered in the Client Hello for use
> with TLS 1.0 or SSLv3-only servers. TLS 1.1 clients MUST check that the
> server did not choose one of these cipher suites during the handshake. 
> These ciphersuites are listed below for informational purposes and to
> reserve the numbers.
> CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x03 };

Hello and thank you for the report. I have committed a fix in the
development version.

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

GnuTLS 2.8.6 vs RFC 4346 stringent EXPORT cipher suites condition, Adrian F. Dimcev, 2010/03/19
- Re: GnuTLS 2.8.6 vs RFC 4346 stringent EXPORT cipher suites condition, Nikos Mavrogiannopoulos <=

Prev by Date: Re: GnuTLS 2.8.6
Next by Date: Re: ASN1 structure implementation is missing for OID 2.5.4.17 which is PostalCode, and OID 2.5.4.41 (Name) definition
Previous by thread: GnuTLS 2.8.6 vs RFC 4346 stringent EXPORT cipher suites condition
Next by thread: Security problem in GnuTLS v1.2.0 and earlier [GNUTLS-SA-2010-1]
Index(es):
- Date
- Thread