[gnutls-dev] Weak ciphers?

Nikos Mavroyanopoulos nmav at gnutls.org
Fri Oct 17 18:39:03 CEST 2003


On Fri, Oct 17, 2003 at 05:16:14PM +0300, Nikos Mavroyanopoulos wrote:

> > Hi,
> > One of the users of the Debian GNU TLS package wants to use openldap
> > (the Debian package now uses GNU TLS to setup SSL connections) to
> > connect to a Netscape LDAP server, which only uses:
> > nsssl2ciphers: +rc2export,+rc4export
> > nsssl3ciphers: -rsa_null_md5,+rsa_rc2_40_md5,+rsa_rc4_40_md5
> > Is there a way to make GNU TLS set up a connection to this server?
> The ciphersuite TLS_RSA_EXPORT_ARCFOUR_40_MD5 is supported, so rsa_rc4_40_md5
> seems to be common (RC2 is not supported in gnutls for TLS connections).

I forgot to say that in order to enable this ciphersuite,
gnutls_set_default_export_priority() has to be called, or the 
ciphers GNUTLS_CIPHER_ARCFOUR_40 and GNUTLS_KX_RSA_EXPORT, have 
to be enabled.


-- 
Nikos Mavroyanopoulos



More information about the Gnutls-dev mailing list