[gnutls-devel] GnuTLS | Please prefer PFS ciphers over plain RSA ones. (#862)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu Nov 21 17:27:32 CET 2019
sebastianas created an issue: https://gitlab.com/gnutls/gnutls/issues/862
## Description of problem:
Ciphers with priority normal prefer non-PFS cipher over PFS cipher.
## Version of gnutls used:
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
## How reproducible:
Steps to Reproduce:
Connect to a server which supports TLS_RSA_AES_256_GCM_SHA384 and TLS_DHE_RSA_AES_256_GCM_SHA384 but has no server preference.
## Actual results:
Connections happens with TLS_RSA_AES_256_GCM_SHA384.
## Expected results:
Connections happens with TLS_DHE_RSA_AES_256_GCM_SHA384.
According to *gnutls-cli --list --priority NORMAL* the TLS_ECDHE_* cipher come before TLS_RSA_* but unfortunately the TLS_DHE_RSA_* cipher come last.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/862
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel