Require TLS 1.2 for all the ciphersuites which are defined for it only
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 9 Nov 2015 13:29:48 +0000 (14:29 +0100)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Mon, 9 Nov 2015 13:38:26 +0000 (14:38 +0100)
This solves an interoperability issue with openssl. Reported by Viktor Dukhovni.

lib/algorithms/ciphersuites.c
tests/mini-etm.c
tests/mini-record.c

index a75e13e144d86f13ca0809a75eae1cd235e3b943..05927fe9b578275147d23d71fb3ae7722e15cc3e 100644 (file)
@@ -336,8 +336,8 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_DTLS_VERSION_MIN),
        ENTRY(GNUTLS_RSA_NULL_SHA256,
              GNUTLS_CIPHER_NULL,
-             GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
 
        /* RSA */
        ENTRY(GNUTLS_RSA_ARCFOUR_128_SHA1,
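Review bot: The rule this commit applies across `cs_algorithms[]` is not written down anywhere in the table, so a SHA256/SHA384 entry added later can quietly be given `GNUTLS_TLS1` again. The change starts here at `GNUTLS_RSA_NULL_SHA256` and repeats in every later hunk of this file. A short comment above the table would carry the rule, for example `/* Suites with a SHA256 or SHA384 MAC are defined for TLS 1.2 only: minimum versions must be GNUTLS_TLS1_2 and GNUTLS_DTLS1_2. */`. The array definition begins outside this hunk, so the exact placement is left to the author.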
@@ -363,12 +363,12 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
 
        ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1,
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
@@ -379,12 +379,12 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_DTLS_VERSION_MIN),
        ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256,
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256,
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
 /* GCM */
        ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256,
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA,
@@ -446,13 +446,13 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
        ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_128_CBC,
              GNUTLS_KX_DHE_DSS,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_256_CBC,
              GNUTLS_KX_DHE_DSS,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
 
        ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1,
              GNUTLS_CIPHER_CAMELLIA_128_CBC,
@@ -466,12 +466,12 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_DTLS_VERSION_MIN),
        ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256,
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256,
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
 /* GCM */
        ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256,
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS,
@@ -506,13 +506,13 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
        ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_128_CBC,
              GNUTLS_KX_DHE_RSA,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_256_CBC,
              GNUTLS_KX_DHE_RSA,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1,
              GNUTLS_CIPHER_CAMELLIA_128_CBC,
              GNUTLS_KX_DHE_RSA,
@@ -525,12 +525,12 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_DTLS_VERSION_MIN),
        ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256,
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256,
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
 /* GCM */
        ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256,
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA,
@@ -592,20 +592,20 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_DTLS_VERSION_MIN),
        ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384,
                  GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
        ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1,
              GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
              GNUTLS_VERSION_UNKNOWN),
        ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384,
                  GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
        /* ECDHE-ECDSA */
        ENTRY(GNUTLS_ECDHE_ECDSA_NULL_SHA1,
@@ -630,23 +630,23 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_VERSION_UNKNOWN),
        ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384,
                  GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
        /* More ECC */
 
        ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256,
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256,
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256,
              GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
@@ -673,8 +673,8 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
        ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384,
                  GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
        ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256,
              GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA,
@@ -728,12 +728,12 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_DTLS_VERSION_MIN),
        ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256,
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384,
                  GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
        ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1,
              GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_SSL3,
@@ -744,20 +744,20 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_DTLS_VERSION_MIN),
        ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256,
              GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384,
                  GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK,
                  GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
        ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384,
                  GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
        /* PSK */
        ENTRY(GNUTLS_PSK_ARCFOUR_128_SHA1,
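Review bot: `GNUTLS_ECDHE_PSK_NULL_SHA384` is left half-converted: its DTLS minimum becomes `GNUTLS_DTLS1_2`, but the unchanged line above it still reads `GNUTLS_MAC_SHA384, GNUTLS_TLS1,`. Every sibling in this hunk, including `GNUTLS_ECDHE_PSK_NULL_SHA256`, moves both fields, so this looks like an oversight rather than intent. As the entry stands, its TLS minimum and DTLS minimum disagree, and this NULL-cipher suite keeps the older TLS floor. Suggested change on that line: `GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,`.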
@@ -778,8 +778,8 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_DTLS_VERSION_MIN),
        ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256,
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384,
                  GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
@@ -804,25 +804,25 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_DTLS_VERSION_MIN),
        ENTRY(GNUTLS_PSK_NULL_SHA256,
              GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384,
                  GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
        ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384,
                  GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
        ENTRY_PRF(GNUTLS_PSK_NULL_SHA384,
                  GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
        /* RSA-PSK */
        ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1,
@@ -857,36 +857,36 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256,
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_RSA_PSK_NULL_SHA1,
              GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
              GNUTLS_MAC_SHA1, GNUTLS_TLS1,
              GNUTLS_DTLS_VERSION_MIN),
        ENTRY(GNUTLS_RSA_PSK_NULL_SHA256,
              GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384,
                  GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
        ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384,
                  GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
        ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384,
                  GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
        ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384,
                  GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
 
 
        /* DHE-PSK */
@@ -908,8 +908,8 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_DTLS_VERSION_MIN),
        ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256,
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256,
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
@@ -920,28 +920,28 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_DTLS_VERSION_MIN),
        ENTRY(GNUTLS_DHE_PSK_NULL_SHA256,
              GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384,
                  GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
        ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384,
                  GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
        ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384,
                  GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK,
                  GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
                  GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
        ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384,
                  GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK,
-                 GNUTLS_MAC_SHA384, GNUTLS_TLS1,
-                 GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384),
+                 GNUTLS_MAC_SHA384, GNUTLS_TLS1_2,
+                 GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384),
        ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256,
              GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
@@ -1020,13 +1020,13 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
        ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_128_CBC,
              GNUTLS_KX_ANON_DH,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256,
              GNUTLS_CIPHER_CAMELLIA_256_CBC,
              GNUTLS_KX_ANON_DH,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1,
              GNUTLS_CIPHER_CAMELLIA_128_CBC,
              GNUTLS_KX_ANON_DH,
@@ -1039,12 +1039,12 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = {
              GNUTLS_DTLS_VERSION_MIN),
        ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256,
              GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256,
              GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH,
-             GNUTLS_MAC_SHA256, GNUTLS_TLS1,
-             GNUTLS_DTLS_VERSION_MIN),
+             GNUTLS_MAC_SHA256, GNUTLS_TLS1_2,
+             GNUTLS_DTLS1_2),
        ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256,
              GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH,
              GNUTLS_MAC_AEAD, GNUTLS_TLS1_2,
index 6d1d0ae57b1bd7e1fa62286f5a1bd4cb7e1005bc..3c015e11dfaebca058849f61aa35efa90fd00b13 100644 (file)
@@ -346,7 +346,7 @@ static void start(const char *prio, unsigned etm)
 }
 
 #define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
-#define AES_CBC_SHA256 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
+#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
 #define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
 
 static void ch_handler(int sig)
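Review bot: Nothing in the test changes checks the new restriction itself: `AES_CBC_SHA256` is only moved to `+VERS-TLS1.2`, so the tests would still pass if a SHA256 suite became negotiable under TLS 1.0 again. A negative case that keeps the old `+VERS-TLS1.0` priority string and expects the handshake to fail would pin the behaviour. The same applies to the `+VERS-DTLS1.0` to `+VERS-DTLS1.2` change in tests/mini-record.c. The body of `start()` is outside this hunk, so whether it can express an expected failure needs checking.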
index aae6fa6b680fcbc8606f3355df359185bcbf8642..7f27bbb86dae22826643b26fb9755d41afd325ee 100644 (file)
@@ -387,7 +387,7 @@ static void start(const char *prio)
 }
 
 #define AES_CBC "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
-#define AES_CBC_SHA256 "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
+#define AES_CBC_SHA256 "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
 #define AES_GCM "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
 #define AES_CCM "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-CCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
 #define AES_CCM_8 "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-CCM-8:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"