subject:"Bug#710657\: gnutls\: Negiotates an SSL v3.0 cipher when talkign to openssl using TLS 1.2"

Bug#710657: gnutls: Negiotates an SSL v3.0 cipher when talkign to openssl using TLS 1.2

2013-06-02 Thread James Cloos

For whatever it is worth, using the same cipher suite on the servers (each running sid), gnutls3 chooses this when talking to nginx-1.4.1: - Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP256R1)-(AES-256-GCM)-(AEAD) but this when talking to apache2.4: - Description: (TLS1.2-PKIX)-(ECDHE-RSA-SECP256R1

Bug#710657: gnutls: Negiotates an SSL v3.0 cipher when talkign to openssl using TLS 1.2

2013-06-02 Thread Kurt Roeckx

On Sun, Jun 02, 2013 at 06:41:47PM +0200, Andreas Metzler wrote: > * Regarding SHA-1: > Quoting Nikos Mavrogiannopoulos in : > "I'm not aware of weaknesses in SHA-1 when used with the HMAC > construction." So maybe we should switch to HMAC-MD5, since it also do

Bug#710657: gnutls: Negiotates an SSL v3.0 cipher when talkign to openssl using TLS 1.2

2013-06-02 Thread Andreas Metzler

On 2013-06-01 Kurt Roeckx wrote: > Source: gnutls26 > Version: 2.12.20-6 > Severity: important > Tags: security > Hi, > When using gnutls-cli to talk to apache with mod_ssl, I > always get this when testing with SSL v3.0 to TLS v1.2: > - Key Exchange: DHE-RSA > - Cipher: AES-128-CBC > - MAC: SHA1

Bug#710657: gnutls: Negiotates an SSL v3.0 cipher when talkign to openssl using TLS 1.2

2013-06-01 Thread Kurt Roeckx

Source: gnutls26 Version: 2.12.20-6 Severity: important Tags: security Hi, When using gnutls-cli to talk to apache with mod_ssl, I always get this when testing with SSL v3.0 to TLS v1.2: - Key Exchange: DHE-RSA - Cipher: AES-128-CBC - MAC: SHA1 When talking to it with TLS 1.2, I really would lik