[gnutls-devel] gnutls-cli and invoke-gnutls-cli.texi disagree
Tim Ruehsen
tim.ruehsen at gmx.de
Fri Sep 6 12:52:15 CEST 2013
Hi,
regarding GnuTLS 3.2.4:
The docs (invoke-gnutls-cli.texi) say
Cipher suites for SECURE192
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 0xc0, 0x24 TLS1.2
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2e TLS1.2
TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2
TLS_RSA_AES_256_CBC_SHA256 0x00, 0x3d TLS1.2
while the invokation of 'gnutls-cli --priority SECURE192 -l'
says:
Cipher suites for SECURE192
TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 0xc0, 0x24 TLS1.2
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 0xc0, 0x2c TLS1.2
TLS_ECDHE_RSA_AES_256_GCM_SHA384 0xc0, 0x30 TLS1.2
TLS_RSA_AES_256_CBC_SHA256 0x00, 0x3d TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2
TLS_DHE_DSS_AES_256_CBC_SHA256 0x00, 0x6a TLS1.2
Shouldn't the DHE key exchange be preferred to RSA, like the docs say ?
If I understood it correctly, DHE is more secure in means of 'Perfect Forward
Security'.
Could someone bring some light in here ?
Regards, Tim
More information about the Gnutls-devel
mailing list