[gnutls-devel] forcing 256bit symmetric?
James Cloos
cloos at jhcloos.com
Thu Apr 16 19:18:46 CEST 2015
>>>>> "NM" == Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

JC>> What is the shortest priority to demand aes256, preferring aead, but
JC>> accept the certs in actual use in the wild?

NM> NORMAL:-CIPHER-ALL:+AES-128-GCM:+...

That gave me the hint I needed. I ended up with:

NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305:+AES-256-GCM

I'll add +AES-256-CCM once I know it is happy on my box.

>> SECURE256 fails because it demands sha512 and essentially no one uses
>> that to sign certs.

NM> Correct. We may need different keywords to indicate secrecy level of
NM> 256-bits, while keeping the handshake security level to the current
NM> defaults.

Sounds like a plan.

-JimC
--
James Cloos <cloos at jhcloos.com> OpenPGP: 0x997A9F17ED7DAEA6
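
Added example, not part of the original message or of GnuTLS: one way to check that a priority string such as the one above leaves only 256-bit symmetric ciphers enabled, by reading the `Ciphers:` summary line that `gnutls-cli --list --priority` prints. The function names and the sample output are constructed for illustration, and the summary-line layout is an assumption to confirm against your GnuTLS version.

```shell
#!/bin/sh
# Added example: report ciphers enabled by a GnuTLS priority string that
# are not 256-bit. Function names and sample data are hypothetical.

# Priority string from the message above.
PRIO='NORMAL:-VERS-ALL:+VERS-TLS1.2:-CIPHER-ALL:+CHACHA20-POLY1305:+AES-256-GCM'

# Constructed samples of the summary lines printed by `gnutls-cli --list`
# (assumed layout; not captured from a real run).
SAMPLE_OK='Protocols: VERS-TLS1.2
Ciphers: CHACHA20-POLY1305, AES-256-GCM
MACs: SHA1, SHA256, AEAD'
SAMPLE_BAD='Protocols: VERS-TLS1.2
Ciphers: AES-256-GCM, AES-128-GCM, 3DES-CBC
MACs: SHA1, AEAD'

# Read `gnutls-cli --list` output on stdin and print, one per line, every
# enabled cipher that is not a known 256-bit-key cipher. Prints
# NO-CIPHERS-LINE when the summary is missing, so a parse failure never
# looks like a pass.
non256_ciphers() {
    awk -F': ' '
        /^Ciphers: / {
            seen = 1
            n = split($2, c, ", *")
            for (i = 1; i <= n; i++) {
                name = c[i]
                sub(/[ \t\r]+$/, "", name)
                if (name == "") continue
                if (name ~ /^(AES|CAMELLIA)-256-/ || name ~ /^CHACHA20-/) continue
                print name
            }
        }
        END { if (!seen) print "NO-CIPHERS-LINE" }
    '
}

# Return 0 only if every cipher enabled by priority string $1 is 256-bit.
# Needs gnutls-cli on PATH; try it with: audit_priority "$PRIO"
audit_priority() {
    out=$(gnutls-cli --list --priority "$1") || return 2
    bad=$(printf '%s\n' "$out" | non256_ciphers)
    [ -z "$bad" ] || { printf 'not 256-bit: %s\n' $bad >&2; return 1; }
}

# Demo on the constructed sample: prints AES-128-GCM and 3DES-CBC.
printf '%s\n' "$SAMPLE_BAD" | non256_ciphers
```

The check covers symmetric key size only; it says nothing about the signature hash requirement that makes SECURE256 fail in the thread.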