
error in TLS 1.2 implementation


From: Nephi Allred
Subject: error in TLS 1.2 implementation
Date: Thu, 11 Nov 2010 12:52:46 -0700

I believe that there is an error in gnutls's implementation of TLS
1.2, specifically in the PRF.
The spec (RFC 5246) section 5 (page 13) states that all cipher suites
in TLS 1.2 use P_SHA256 as the PRF. However, gnutls uses P_hash where
hash is the MAC hash algorithm for the cipher suite. So for example
when the cipher suite is TLS_RSA_WITH_AES_128_CBC_SHA then gnutls uses
P_SHA1 as the PRF. This goes against the spec, or am I missing
something?
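The PRF construction the post refers to, RFC 5246 section 5, as an added example (Python, not gnutls code). It derives a master secret with the spec's P_SHA256 and with P_SHA1 from the same constructed inputs to show why two peers that disagree on the PRF hash cannot complete a handshake; the sample secret and randoms are made up for the demo.

```python
import hmac

# RFC 5246 section 5:
#   PRF(secret, label, seed) = P_<hash>(secret, label + seed)
#   P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) +
#                          HMAC_hash(secret, A(2) + seed) + ...
#   A(0) = seed, A(i) = HMAC_hash(secret, A(i-1))


def p_hash(hash_name, secret, seed, length):
    """Data expansion function P_<hash>, iterated until `length` bytes exist."""
    out = b""
    a = seed  # A(0)
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i)
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(A(i) + seed)
    return out[:length]


def tls12_prf(secret, label, seed, length, hash_name="sha256"):
    """TLS 1.2 PRF; RFC 5246 names P_SHA256 as the default hash."""
    return p_hash(hash_name, secret, label + seed, length)


def master_secret(pre_master, client_random, server_random, hash_name="sha256"):
    """RFC 5246 section 8.1: 48-byte master secret from the pre-master secret."""
    return tls12_prf(pre_master, b"master secret",
                     client_random + server_random, 48, hash_name)


# Constructed sample values, not taken from any real handshake.
PRE_MASTER = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32


def compare_prf_choices():
    """Return the master secret under P_SHA256 (the spec) and under P_SHA1
    (the MAC hash of TLS_RSA_WITH_AES_128_CBC_SHA, as the post says gnutls
    used). Differing results mean Finished verification fails between peers."""
    return (master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM, "sha256"),
            master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM, "sha1"))


if __name__ == "__main__":
    ms256, ms1 = compare_prf_choices()
    print("P_SHA256:", ms256.hex())
    print("P_SHA1:  ", ms1.hex())
    print("match:", ms256 == ms1)
```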


