mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 10:55:38 +01:00
RSA-PSK key exchange requires TLS 1.x
It's not clear if, with SSL3, one should include send the two length bytes for EncryptedPreMasterSecret or not, so require TLS to avoid interop issues.
This commit is contained in:
Manuel Pégourié-Gonnard
parent
e46aa5e336
commit
a04fa4fa04
@ -8,6 +8,8 @@ Bugfix
|
|||||||
Changes
|
Changes
|
||||||
* Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
|
* Ciphersuites using SHA-256 or SHA-384 now require TLS 1.x (there is no
|
||||||
standard defining how to use SHA-2 with SSL 3.0).
|
standard defining how to use SHA-2 with SSL 3.0).
|
||||||
|
* Ciphersuites using RSA-PSK key exchange new require TLS 1.x (the spec is
|
||||||
|
ambiguous on how to encode some packets with SSL 3.0).
|
||||||
|
|
||||||
= PolarSSL 1.3.8 released 2014-07-11
|
= PolarSSL 1.3.8 released 2014-07-11
|
||||||
Security
|
Security
|
||||||
|
|||||||
@ -1444,13 +1444,13 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||||||
#if defined(POLARSSL_SHA1_C)
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
|
{ TLS_RSA_PSK_WITH_AES_128_CBC_SHA, "TLS-RSA-PSK-WITH-AES-128-CBC-SHA",
|
||||||
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
POLARSSL_CIPHER_AES_128_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
|
|
||||||
{ TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
|
{ TLS_RSA_PSK_WITH_AES_256_CBC_SHA, "TLS-RSA-PSK-WITH-AES-256-CBC-SHA",
|
||||||
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
POLARSSL_CIPHER_AES_256_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* POLARSSL_SHA1_C */
|
#endif /* POLARSSL_SHA1_C */
|
||||||
@ -1500,7 +1500,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||||||
#if defined(POLARSSL_SHA1_C)
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
|
{ TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA, "TLS-RSA-PSK-WITH-3DES-EDE-CBC-SHA",
|
||||||
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
POLARSSL_CIPHER_DES_EDE3_CBC, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* POLARSSL_SHA1_C */
|
#endif /* POLARSSL_SHA1_C */
|
||||||
@ -1511,7 +1511,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||||||
#if defined(POLARSSL_SHA1_C)
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
|
{ TLS_RSA_PSK_WITH_RC4_128_SHA, "TLS-RSA-PSK-WITH-RC4-128-SHA",
|
||||||
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
POLARSSL_CIPHER_ARC4_128, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
0 },
|
0 },
|
||||||
#endif /* POLARSSL_SHA1_C */
|
#endif /* POLARSSL_SHA1_C */
|
||||||
@ -1628,7 +1628,7 @@ static const ssl_ciphersuite_t ciphersuite_definitions[] =
|
|||||||
#if defined(POLARSSL_SHA1_C)
|
#if defined(POLARSSL_SHA1_C)
|
||||||
{ TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
|
{ TLS_RSA_PSK_WITH_NULL_SHA, "TLS-RSA-PSK-WITH-NULL-SHA",
|
||||||
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
POLARSSL_CIPHER_NULL, POLARSSL_MD_SHA1, POLARSSL_KEY_EXCHANGE_RSA_PSK,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_0,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_1,
|
||||||
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
SSL_MAJOR_VERSION_3, SSL_MINOR_VERSION_3,
|
||||||
POLARSSL_CIPHERSUITE_WEAK },
|
POLARSSL_CIPHERSUITE_WEAK },
|
||||||
#endif /* POLARSSL_SHA1_C */
|
#endif /* POLARSSL_SHA1_C */
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user