[gnutls-devel] GnuTLS | Add GOST-CNT ciphersuite support (!1119)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Wed Nov 13 11:58:33 CET 2019




Nikos Mavrogiannopoulos started a new discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1119#note_243928311

>  #endif
>  #ifdef ENABLE_DHE
>  	GNUTLS_KX_DHE_RSA,
> +#endif
> +#ifdef ENABLE_GOST
> +	GNUTLS_KX_VKO_GOST_12,

That's a part which I think is the most questionable in terms of policy. How can we have an implementation which supports GOST but enables it conditionally. For example debian or fedora may want to support GOST but not enable it by default (i.e., enable it via a crypto policy). The reason is that this is a national standard, not widely accepted and enabling by default will trigger pushback to the whole effort of gost support. 

What are the options we have here?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1119#note_243928311
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191113/83659584/attachment.html>


More information about the Gnutls-devel mailing list