]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
allow ciphersuites with elliptic curves even when using SSL 3.0. This works around...
authorNikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 29 May 2013 19:16:38 +0000 (21:16 +0200)
committerNikos Mavrogiannopoulos <nmav@gnutls.org>
Wed, 29 May 2013 19:17:13 +0000 (21:17 +0200)
lib/algorithms/ciphersuites.c

index b9a326d288531227caab7071d313bd259a3361e1..d0a659775476ab081529713450139a43f44ae30f 100644 (file)
@@ -397,36 +397,36 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
 /* ECC-RSA */
   ENTRY (GNUTLS_ECDHE_RSA_NULL_SHA1,
                              GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_RSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   ENTRY (GNUTLS_ECDHE_RSA_3DES_EDE_CBC_SHA1,
                              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_RSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   ENTRY (GNUTLS_ECDHE_RSA_AES_128_CBC_SHA1,
                              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   ENTRY (GNUTLS_ECDHE_RSA_AES_256_CBC_SHA1,
                              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   /* ECDHE-ECDSA */
   ENTRY (GNUTLS_ECDHE_ECDSA_NULL_SHA1,
                              GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_ECDSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   ENTRY (GNUTLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1,
                              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_ECDSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   ENTRY (GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA1,
                              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   ENTRY (GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA1,
                              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   /* More ECC */
 
@@ -498,15 +498,15 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
   /* ECC - PSK */
   ENTRY (GNUTLS_ECDHE_PSK_3DES_EDE_CBC_SHA1,
                              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ECDHE_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA1,
                              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   ENTRY (GNUTLS_ECDHE_PSK_AES_256_CBC_SHA1,
                              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   ENTRY (GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256,
                              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
@@ -673,19 +673,19 @@ static const gnutls_cipher_suite_entry cs_algorithms[] = {
 /* ECC-ANON */
   ENTRY (GNUTLS_ECDH_ANON_NULL_SHA1,
                              GNUTLS_CIPHER_NULL, GNUTLS_KX_ANON_ECDH,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   ENTRY (GNUTLS_ECDH_ANON_3DES_EDE_CBC_SHA1,
                              GNUTLS_CIPHER_3DES_CBC, GNUTLS_KX_ANON_ECDH,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   ENTRY (GNUTLS_ECDH_ANON_AES_128_CBC_SHA1,
                              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_ECDH,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
   ENTRY (GNUTLS_ECDH_ANON_AES_256_CBC_SHA1,
                              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_ECDH,
-                             GNUTLS_MAC_SHA1, GNUTLS_TLS1_0,
+                             GNUTLS_MAC_SHA1, GNUTLS_SSL3,
                              GNUTLS_DTLS_VERSION_MIN),
 #endif
 #ifdef ENABLE_SRP