help-gnutls

Re: gnutls-3.0.9, PSK and SECURE256


From: Nikos Mavrogiannopoulos
Subject: Re: gnutls-3.0.9, PSK and SECURE256
Date: Sun, 18 Dec 2011 19:25:08 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111114 Icedove/3.1.16

On 12/17/2011 09:36 PM, Michael Weiser wrote:

> Hello list, Hi Nikos, my home-grown stunnel-lookalike uses gnutls
> and PSK. I run it with the following ciphersuite priority
> specification: SECURE256:+ECDHE-PSK:+DHE-PSK:+PSK. After upgrading to
> gnutls-3.0.9 it no longer works. This seems to be due to the fact
> that PSK ciphersuites use AES128 at most. Up until 3.0.9 they used to
> belong to SECURE256 but now got removed. So in order to be able to
> use PSK I have to switch to SECURE128.

> I don't want to debate the reason for removing AES128 from SECURE256.
> Obviously the security level with SECURE128 is just as high (or low)
> as before. Rather I wonder, why PSK isn't used in conjunction with
> AES256?


There is very little point in using SECURE256. This is really an insane
security level that has to be supported by public keys of equivalent
level (e.g. for DHE in your case) that are of a size that probably
would make the handshake extremely slow.

However, for the situation you describe the issue isn't AES-256 but the
fact that the PSK ciphersuites (in RFC 4279) are defined using SHA-1, which
isn't available any more in the 256-bit security level.

regards,
Nikos



