[gnutls-dev]Re: GNU TLS

Nikos Mavroyanopoulos nmav@gnutls.org
Sat Jul 20 20:04:01 2002


On Sat, Jul 20, 2002 at 01:47:28PM +0200, Werner Koch wrote:

> > the browser. By supporting weak cyphers and ie. popping up a warning window
> > that the cypher is too weak and easy to break and if the user really want to
> Nikos, I'd suggest to return a special error message fro weak ciphers
> so that Petr is able to display a message "for security reasons this
> browser does not support easy crackable ciphers; see http:foo.bar for
> more information."

Yes this sounds neat. This is not easy though, since in TLS
the client sends its capabilities - and the ciphersuites it supports -
and the server responds with the selected ciphersuite.

A way to get over this, is to send an exportable ciphersuite
as the last in the priority list, and if this one is negotiated
then return the error code. 


PS. I'm leaving for vacations tomorrow, so have a nice summer!


> Salam-Shalom,
>    Werner

-- 
Nikos Mavroyanopoulos
mailto:nmav@gnutls.org