[gnutls-devel] cipher suites
Stefan Bühler
stbuehler at lighttpd.net
Thu Oct 24 16:37:58 CEST 2013
Hi,
On Tue, 22 Oct 2013 14:58:32 +0200
Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> I have added most, if not all of the missing ciphersuites.
> Unfortunately for several of them there are no test servers I can
> test against (e.g., camellia-gcm). Hence, I have not enabled them by
> default.
You missed 3 afaics:
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
With priority string "SECURE256:+SECURE128:-DHE-DSS:-ECDHE-ECDSA" this
should lead to something like this right now:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[...]
It would really be nice not to see a SHA1 cipher as first "non-GCM"
cipher in that list - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384...
Thanks for adding Camellia-GCM and all the others :)
regards,
Stefan
More information about the Gnutls-devel
mailing list