[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GnuTLS 2.8.6 vs RFC 4346 stringent EXPORT cipher suites condition
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: GnuTLS 2.8.6 vs RFC 4346 stringent EXPORT cipher suites condition |
Date: |
Sat, 20 Mar 2010 12:23:25 +0100 |
User-agent: |
Thunderbird 2.0.0.24 (X11/20100317) |
Adrian F. Dimcev wrote:
> http://www3.tools.ietf.org/html/rfc4346
>
> Section A5:
> A series of cipher suites were designed to operate at reduced key
> lengths in order to comply with those regulations. Due to advances in
> computer performance, these algorithms are now unacceptably weak, and
> export restrictions have since been loosened. TLS 1.1 implementations
> MUST NOT negotiate these cipher suites in TLS 1.1 mode. However, for
> backward compatibility they may be offered in the Client Hello for use
> with TLS 1.0 or SSLv3-only servers. TLS 1.1 clients MUST check that the
> server did not choose one of these cipher suites during the handshake.
> These ciphersuites are listed below for informational purposes and to
> reserve the numbers.
> CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x03 };
Hello and thank you for the report. I have committed a fix in the
development version.
regards,
Nikos