From: Nikos Mavrogiannopoulos Date: Wed, 29 May 2013 19:16:38 +0000 (+0200) Subject: allow ciphersuites with elliptic curves even when using SSL 3.0. This works around... X-Git-Tag: gnutls_3_2_2~102 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=066f07faafba84ba075e08905153a21c1aa0da82;p=thirdparty%2Fgnutls.git allow ciphersuites with elliptic curves even when using SSL 3.0. This works around a bug on openssl in certain Debian systems. --- diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index b9a326d288..d0a6597754 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -397,36 +397,36 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { /* ECC-RSA */ ENTRY (GNUTLS_ECDHE_RSA_NULL_SHA1, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), /* ECDHE-ECDSA */ ENTRY (GNUTLS_ECDHE_ECDSA_NULL_SHA1, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), /* More ECC */ @@ -498,15 +498,15 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { /* ECC - PSK */ ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, @@ -673,19 +673,19 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = { /* ECC-ANON */ ENTRY (GNUTLS_ECDH_ANON_NULL_SHA1, GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1, GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA1, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH, - GNUTLS_MAC_SHA1, GNUTLS_TLS1_0, + GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_DTLS_VERSION_MIN), #endif #ifdef ENABLE_SRP