I'm writing dtls client on pure js and i'm trying to test these chipher suites:

  • TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
  • TLS_PSK_WITH_AES_128_GCM_SHA256
  • TLS_PSK_WITH_AES_256_GCM_SHA384

I use simple echo dtls server (from gnutls default examples) with this priority string:

"NORMAL:+LEGACY:+AEAD:+ECDHE-ECDSA:+ECDHE-RSA:+RSA:+PSK:+ECDHE-PSK:+SHA384:+VERS-DTLS1.2".

Server reject these ciphers with error Security level of algorithm requires hash SHA384(48) or better. Which 'security level' he need? Which priority string should i use?

Server source code: dtlsd.c

0 Answers