[gnutls-devel] forcing 256bit symmetric?

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Apr 16 18:28:25 CEST 2015


On Thu, 2015-04-16 at 11:07 -0400, James Cloos wrote:
> What is the shortest priority to demand aes256, preferring aead, but
> accept the certs in actual use in the wild?

NORMAL:-CIPHER-ALL:+AES-128-GCM:+...

> SECURE256 fails because it demands sha512 and essentially no one uses
> that to sign certs.

Correct. We may need different keywords to indicate a secrecy level of
256 bits, while keeping the handshake security level to the current
defaults.