[gnutls-devel] cipher suites

Stefan Bühler stbuehler at lighttpd.net
Thu Oct 24 16:37:58 CEST 2013


Hi,

On Tue, 22 Oct 2013 14:58:32 +0200
Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:

> I have added most, if not all of the missing ciphersuites.
> Unfortunately for several of them there are no test servers I can
> test against (e.g., camellia-gcm). Hence, I have not enabled them by
> default.

You missed 3 afaics:

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384

With priority string "SECURE256:+SECURE128:-DHE-DSS:-ECDHE-ECDSA" this
should lead to something like this right now:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
[...]

It would really be nice not to see a SHA1 cipher as first "non-GCM"
cipher in that list - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384...

Thanks for adding Camellia-GCM and all the others :)

regards,
Stefan



More information about the Gnutls-devel mailing list