gnutls-devel


Re: error in TLS 1.2 implementation


From: Nikos Mavrogiannopoulos
Subject: Re: error in TLS 1.2 implementation
Date: Fri, 12 Nov 2010 00:01:23 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.15) Gecko/20101027 Thunderbird/3.0.10

On 11/11/2010 08:52 PM, Nephi Allred wrote:
> I believe that there is an error in gnutls's implementation of TLS
> 1.2, specifically in the PRF.
> The spec (RFC 5246) section 5 (page 13) states that all cipher suites
> in TLS 1.2 use P_SHA256 as the PRF. However, gnutls uses P_hash where
> hash is the MAC hash algorithm for the cipher suite. So for example
> when the cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA then gnutls uses
> P_SHA1 as the PRF. This goes against the spec, or am I missing
> something?

Which version of gnutls do you use? TLS 1.2 is fully supported on 2.10.0
and later versions. What you say shouldn't occur in those versions.

regards,
Nikos
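
The question above turns on which hash drives P_hash in the TLS 1.2 PRF. The following is an added example, not code from this thread or from GnuTLS: it implements the PRF construction of RFC 5246 section 5 and derives a master secret once with P_SHA256 and once with P_SHA1, to show that the two choices cannot interoperate. The pre-master secret and random values are constructed sample data, and the function names are chosen for this example.

```python
import hashlib
import hmac


def p_hash(hash_name, secret, seed, length):
    """P_hash(secret, seed) as defined in RFC 5246 section 5, cut to `length` bytes."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls12_prf(secret, label, seed, length, hash_name="sha256"):
    """PRF(secret, label, seed) = P_hash(secret, label + seed)."""
    return p_hash(hash_name, secret, label + seed, length)


def master_secret(pre_master, client_random, server_random, hash_name="sha256"):
    """48-byte master secret: PRF(pre_master, "master secret", randoms)."""
    seed = client_random + server_random
    return tls12_prf(pre_master, b"master secret", seed, 48, hash_name)


# Constructed sample handshake values (not taken from any real session).
PRE_MASTER = bytes([3, 3]) + bytes(range(46))   # 48 bytes, version 3.3 prefix
CLIENT_RANDOM = bytes([0x11]) * 32
SERVER_RANDOM = bytes([0x22]) * 32


def compare_prf_choices():
    """Return (master secret with P_SHA256, master secret with P_SHA1)."""
    spec = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM, "sha256")
    mac_hash = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM, "sha1")
    return spec, mac_hash


if __name__ == "__main__":
    spec, mac_hash = compare_prf_choices()
    print("P_SHA256:", spec.hex())
    print("P_SHA1  :", mac_hash.hex())
    # A peer using the other hash derives different keys, so its Finished
    # message fails verification and the handshake aborts.
    print("interoperable:", hmac.compare_digest(spec, mac_hash))
```
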


