On Wed, 2015-03-11 at 13:27 -0400, jonetsu wrote:
> > From: "Nikos Mavrogiannopoulos" <[email protected]>
> > Date: 03/11/15 11:27
>
> > GNUTLS_FORCE_FIPS_MODE=1 ./gnutls-cli -l --priority NORMAL
> > ./gnutls-cli -l --priority NORMAL
>
> Thanks. In the resulting list many TLS1.0 are found:
>
> (abridged list)
>
> TLS_ECDHE_ECDSA_AES_128_CBC_SHA256 TLS1.0
> TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 TLS1.0
> TLS_ECDHE_ECDSA_CAMELLIA_128_CBC_SHA256 TLS1.0
> TLS_ECDHE_ECDSA_CAMELLIA_256_CBC_SHA384 TLS1.0
> TLS_ECDHE_RSA_AES_128_CBC_SHA256 TLS1.0
> [...]
>
> However, NIST Special Publication 800-52 Revision 1 specifies
> that no TLS1.0 should be used.
> Please see '3.1 Protocol Version Support' in:
> http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf

That's correct, but I don't think that SP800-52 is a requirement in
FIPS140-2. Do you have such a reference?

regards,
Nikos
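
The check described in this exchange, as an added example that is not part of the original message or of GnuTLS: a shell function that reads a `gnutls-cli -l` listing on stdin and prints the suites whose listed protocol version is below a chosen floor. The function names and the sample listing are constructed for illustration; the parser assumes only that each suite line starts with `TLS_` and ends with the version label, as in the abridged list quoted above.

```shell
#!/usr/bin/env bash
# Constructed sample in the shape of a `gnutls-cli -l` listing:
# suite name first, protocol version label last. Anything in between
# (here the two-byte suite identifier) is ignored by the parser.
sample_listing() {
cat <<'EOF'
Cipher suites for NORMAL
TLS_ECDHE_ECDSA_AES_128_CBC_SHA256   0xc0, 0x23   TLS1.0
TLS_ECDHE_RSA_AES_128_GCM_SHA256     0xc0, 0x2f   TLS1.2
TLS_RSA_AES_128_CBC_SHA1             0x00, 0x2f   SSL3.0
EOF
}

# suites_below FLOOR < listing
# FLOOR is one of SSL3.0, TLS1.0, TLS1.1, TLS1.2.
# Prints the name of every suite whose listed version ranks below FLOOR.
# Exits with status 2 if FLOOR is not a known label.
suites_below() {
    awk -v floor="$1" '
        BEGIN {
            rank["SSL3.0"] = 0; rank["TLS1.0"] = 1
            rank["TLS1.1"] = 2; rank["TLS1.2"] = 3
            if (!(floor in rank)) {
                print "unknown floor: " floor > "/dev/stderr"
                exit 2
            }
        }
        # Only suite lines; header and blank lines are skipped.
        /^TLS_/ && ($NF in rank) && rank[$NF] < rank[floor] { print $1 }
    '
}

# Usage against the two commands from the thread (run from the
# directory that holds the gnutls-cli binary):
#   GNUTLS_FORCE_FIPS_MODE=1 ./gnutls-cli -l --priority NORMAL | suites_below TLS1.1
#   ./gnutls-cli -l --priority NORMAL | suites_below TLS1.1
```

Running both commands through the function and comparing the two outputs shows whether forcing FIPS mode changes which suites are listed under the older version labels.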
