[gnutls-devel] GnuTLS | Add options to enable GOST by default/support different configuration sets (#879)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Dec 18 21:38:30 CET 2019



Dmitry Eremin-Solenikov created an issue: https://gitlab.com/gnutls/gnutls/issues/879



The following discussions from !1119 should be addressed:

- [ ] @nmav started a [discussion](https://gitlab.com/gnutls/gnutls/merge_requests/1119#note_243928311):  (+17 comments)

    > That's a part which I think is the most questionable in terms of policy. How can we have an implementation which supports GOST but enables it conditionally. For example debian or fedora may want to support GOST but not enable it by default (i.e., enable it via a crypto policy). The reason is that this is a national standard, not widely accepted and enabling by default will trigger pushback to the whole effort of gost support. 

For now GOST ciphersuites are going to be merged, but they have to be explicitly enabled on both server (this is more or less fine) and on client (and this ideally should be fixed) sides.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/879
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191218/3dfac89a/attachment.html>


More information about the Gnutls-devel mailing list