From: Nikos Mavrogiannopoulos Date: Mon, 9 Nov 2015 13:29:48 +0000 (+0100) Subject: Require TLS 1.2 for all the ciphersuites which are defined for it only X-Git-Tag: gnutls_3_5_0~599 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6312c13fb36baade5dd9df4c2f47c8671c5804ce;p=thirdparty%2Fgnutls.git Require TLS 1.2 for all the ciphersuites which are defined for it only This solves an interoperability issue with openssl. Reported by Viktor Dukhovni. --- diff --git a/lib/algorithms/ciphersuites.c b/lib/algorithms/ciphersuites.c index a75e13e144..05927fe9b5 100644 --- a/lib/algorithms/ciphersuites.c +++ b/lib/algorithms/ciphersuites.c @@ -336,8 +336,8 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_RSA_NULL_SHA256, GNUTLS_CIPHER_NULL, - GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_KX_RSA, GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), /* RSA */ ENTRY(GNUTLS_RSA_ARCFOUR_128_SHA1, @@ -363,12 +363,12 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_RSA_CAMELLIA_256_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_RSA_CAMELLIA_128_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, @@ -379,12 +379,12 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_RSA_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_RSA_AES_256_CBC_SHA256, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), /* GCM */ ENTRY(GNUTLS_RSA_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_RSA, @@ -446,13 +446,13 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_DHE_DSS_CAMELLIA_256_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_DHE_DSS_CAMELLIA_128_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_128_CBC, @@ -466,12 +466,12 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_DHE_DSS_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_DHE_DSS_AES_256_CBC_SHA256, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_DSS, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), /* GCM */ ENTRY(GNUTLS_DHE_DSS_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_DSS, @@ -506,13 +506,13 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_DHE_RSA_CAMELLIA_256_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_DHE_RSA_CAMELLIA_128_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_RSA, @@ -525,12 +525,12 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_DHE_RSA_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_DHE_RSA_AES_256_CBC_SHA256, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), /* GCM */ ENTRY(GNUTLS_DHE_RSA_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_RSA, @@ -592,20 +592,20 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY_PRF(GNUTLS_ECDHE_RSA_AES_256_CBC_SHA384, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY(GNUTLS_ECDHE_RSA_ARCFOUR_128_SHA1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_RSA, GNUTLS_MAC_SHA1, GNUTLS_SSL3, GNUTLS_VERSION_UNKNOWN), ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY_PRF(GNUTLS_ECDHE_RSA_CAMELLIA_256_CBC_SHA384, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), /* ECDHE-ECDSA */ ENTRY(GNUTLS_ECDHE_ECDSA_NULL_SHA1, @@ -630,23 +630,23 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_VERSION_UNKNOWN), ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY_PRF(GNUTLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), /* More ECC */ ENTRY(GNUTLS_ECDHE_ECDSA_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_ECDHE_RSA_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_RSA, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_ECDHE_ECDSA_CAMELLIA_128_GCM_SHA256, GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_ECDSA, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, @@ -673,8 +673,8 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY_PRF(GNUTLS_ECDHE_ECDSA_AES_256_CBC_SHA384, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_ECDSA, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY(GNUTLS_ECDHE_RSA_CAMELLIA_128_GCM_SHA256, GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_ECDHE_RSA, @@ -728,12 +728,12 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_ECDHE_PSK_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY_PRF(GNUTLS_ECDHE_PSK_AES_256_CBC_SHA384, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY(GNUTLS_ECDHE_PSK_ARCFOUR_128_SHA1, GNUTLS_CIPHER_ARCFOUR, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA1, GNUTLS_SSL3, @@ -744,20 +744,20 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_ECDHE_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY_PRF(GNUTLS_ECDHE_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_ECDHE_PSK, GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY(GNUTLS_ECDHE_PSK_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY_PRF(GNUTLS_ECDHE_PSK_CAMELLIA_256_CBC_SHA384, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ECDHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), /* PSK */ ENTRY(GNUTLS_PSK_ARCFOUR_128_SHA1, @@ -778,8 +778,8 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_PSK_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY_PRF(GNUTLS_PSK_AES_256_GCM_SHA384, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, @@ -804,25 +804,25 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_PSK_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY_PRF(GNUTLS_PSK_CAMELLIA_256_CBC_SHA384, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY_PRF(GNUTLS_PSK_AES_256_CBC_SHA384, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY_PRF(GNUTLS_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), /* RSA-PSK */ ENTRY(GNUTLS_RSA_PSK_ARCFOUR_128_SHA1, @@ -857,36 +857,36 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS1_2), ENTRY(GNUTLS_RSA_PSK_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_RSA_PSK_NULL_SHA1, GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_SHA1, GNUTLS_TLS1, GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_RSA_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_GCM_SHA384, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_RSA_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY_PRF(GNUTLS_RSA_PSK_AES_256_CBC_SHA384, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY_PRF(GNUTLS_RSA_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY(GNUTLS_RSA_PSK_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY_PRF(GNUTLS_RSA_PSK_CAMELLIA_256_CBC_SHA384, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_RSA_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), /* DHE-PSK */ @@ -908,8 +908,8 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_DHE_PSK_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_DHE_PSK_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, @@ -920,28 +920,28 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_DHE_PSK_NULL_SHA256, GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY_PRF(GNUTLS_DHE_PSK_NULL_SHA384, GNUTLS_CIPHER_NULL, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_CBC_SHA384, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY_PRF(GNUTLS_DHE_PSK_AES_256_GCM_SHA384, GNUTLS_CIPHER_AES_256_GCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY_PRF(GNUTLS_DHE_PSK_CAMELLIA_256_CBC_SHA384, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_DHE_PSK, - GNUTLS_MAC_SHA384, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN, GNUTLS_MAC_SHA384), + GNUTLS_MAC_SHA384, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2, GNUTLS_MAC_SHA384), ENTRY(GNUTLS_DHE_PSK_CAMELLIA_128_GCM_SHA256, GNUTLS_CIPHER_CAMELLIA_128_GCM, GNUTLS_KX_DHE_PSK, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, @@ -1020,13 +1020,13 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_DH_ANON_CAMELLIA_256_CBC_SHA256, GNUTLS_CIPHER_CAMELLIA_256_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_DH_ANON_CAMELLIA_128_CBC_SHA1, GNUTLS_CIPHER_CAMELLIA_128_CBC, GNUTLS_KX_ANON_DH, @@ -1039,12 +1039,12 @@ static const gnutls_cipher_suite_entry_st cs_algorithms[] = { GNUTLS_DTLS_VERSION_MIN), ENTRY(GNUTLS_DH_ANON_AES_128_CBC_SHA256, GNUTLS_CIPHER_AES_128_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_DH_ANON_AES_256_CBC_SHA256, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_KX_ANON_DH, - GNUTLS_MAC_SHA256, GNUTLS_TLS1, - GNUTLS_DTLS_VERSION_MIN), + GNUTLS_MAC_SHA256, GNUTLS_TLS1_2, + GNUTLS_DTLS1_2), ENTRY(GNUTLS_DH_ANON_AES_128_GCM_SHA256, GNUTLS_CIPHER_AES_128_GCM, GNUTLS_KX_ANON_DH, GNUTLS_MAC_AEAD, GNUTLS_TLS1_2, diff --git a/tests/mini-etm.c b/tests/mini-etm.c index 6d1d0ae57b..3c015e11df 100644 --- a/tests/mini-etm.c +++ b/tests/mini-etm.c @@ -346,7 +346,7 @@ static void start(const char *prio, unsigned etm) } #define AES_CBC "NONE:+VERS-TLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" -#define AES_CBC_SHA256 "NONE:+VERS-TLS1.0:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" +#define AES_CBC_SHA256 "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" #define AES_GCM "NONE:+VERS-TLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" static void ch_handler(int sig) diff --git a/tests/mini-record.c b/tests/mini-record.c index aae6fa6b68..7f27bbb86d 100644 --- a/tests/mini-record.c +++ b/tests/mini-record.c @@ -387,7 +387,7 @@ static void start(const char *prio) } #define AES_CBC "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" -#define AES_CBC_SHA256 "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" +#define AES_CBC_SHA256 "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" #define AES_GCM "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" #define AES_CCM "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-CCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL" #define AES_CCM_8 "NONE:+VERS-DTLS1.2:-CIPHER-ALL:+RSA:+AES-128-CCM-8:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"