[gnutls-dev]Re: GNU TLS

Nikos Mavroyanopoulos nmav at gnutls.org
Sat Jul 20 20:04:01 CEST 2002

On Sat, Jul 20, 2002 at 01:47:28PM +0200, Werner Koch wrote:

> > the browser. By supporting weak cyphers and ie. popping up a warning window
> > that the cypher is too weak and easy to break and if the user really want to
> Nikos, I'd suggest to return a special error message fro weak ciphers
> so that Petr is able to display a message "for security reasons this
> browser does not support easy crackable ciphers; see http:foo.bar for
> more information."

Yes this sounds neat. This is not easy though, since in TLS
the client sends its capabilities - and the ciphersuites it supports -
and the server responds with the selected ciphersuite.

A way to get over this, is to send an exportable ciphersuite
as the last in the priority list, and if this one is negotiated
then return the error code. 

PS. I'm leaving for vacations tomorrow, so have a nice summer!

> Salam-Shalom,
>    Werner

Nikos Mavroyanopoulos
mailto:nmav at gnutls.org

More information about the Gnutls-devel mailing list