Today, 9 August 2010, Erwann ABALEA wrote:

[...]

> This is not possible, as the ciphersuites defined by RFC5246 all
> use P_SHA256 as the PRF (paragraph 1.2).
> In paragraph 5, it is said "New cipher suites MUST explicitly specify
> a PRF and, in general, SHOULD use the TLS PRF with SHA-256 or a
> stronger standard hash function". That's precisely what is done, since
> new ciphersuites use P_SHA256 as the PRF. Using the old PRF with the
> new ciphersuites is not standard at all.
I just checked NSS (3.12.6) and GNUTLS (2.11.0).

NSS doesn't support TLS1.2 at all, neither the protocol nor the ciphersuites. Some code needs to be adapted to specify the PRF to be used.

GNUTLS supports TLS1.2, with its ciphersuites, and all the new ciphersuites use SHA256 as the PRF. If a new ciphersuite with a stronger hash function is defined as its PRF, then GNUTLS would have to be modified (right now the selection of the PRF is done by the TLS version from which the ciphersuite is issued).

So, using the old PRF with new ciphersuites is nonstandard, but could also lead to interoperability problems.

--
Erwann ABALEA <erwann.aba...@keynectis.com>
Département R&D KEYNECTIS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
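As an added illustration of the point made in this thread (example code, not from the poster or from OpenSSL/GnuTLS/NSS): the RFC 5246 PRF implemented with the hash as a parameter, and the hash looked up per cipher suite rather than per TLS version. The suite-to-hash table follows the suites' own RFCs (RFC 5246 for the SHA256 suites, RFC 5288 for the GCM SHA384 suite); the handshake inputs are constructed sample values.

```python
import hmac


def p_hash(hash_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    # RFC 5246 section 5 data expansion:
    #   A(0) = seed, A(i) = HMAC_hash(secret, A(i-1))
    #   P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) + HMAC_hash(secret, A(2) + seed) + ...
    output = b""
    a = seed
    while len(output) < length:
        a = hmac.new(secret, a, hash_name).digest()
        output += hmac.new(secret, a + seed, hash_name).digest()
    return output[:length]


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int, hash_name: str) -> bytes:
    # TLS 1.2 PRF: PRF(secret, label, seed) = P_<hash>(secret, label + seed)
    return p_hash(hash_name, secret, label + seed, length)


# PRF hash as specified by each suite's defining RFC. Keyed by suite, not by
# protocol version: a SHA384 suite must not fall back to the SHA-256 PRF.
CIPHERSUITE_PRF_HASH = {
    "TLS_RSA_WITH_AES_128_CBC_SHA256": "sha256",  # RFC 5246
    "TLS_RSA_WITH_AES_256_GCM_SHA384": "sha384",  # RFC 5288
}


def derive_master_secret(suite: str, pre_master_secret: bytes,
                         client_random: bytes, server_random: bytes) -> bytes:
    hash_name = CIPHERSUITE_PRF_HASH[suite]
    return tls12_prf(pre_master_secret, b"master secret",
                     client_random + server_random, 48, hash_name)


def prf_mismatch_demo() -> bool:
    # Constructed sample handshake values (not taken from any real session).
    pms = bytes(range(48))
    client_random = b"\x11" * 32
    server_random = b"\x22" * 32
    per_suite = derive_master_secret("TLS_RSA_WITH_AES_256_GCM_SHA384",
                                     pms, client_random, server_random)
    # A peer that hardwires the TLS 1.2 default hash for every suite derives a
    # different master secret, so the Finished messages will not verify.
    version_default = tls12_prf(pms, b"master secret",
                                client_random + server_random, 48, "sha256")
    return per_suite != version_default


if __name__ == "__main__":
    print("PRF mismatch breaks the handshake:", prf_mismatch_demo())
```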