[gnutls-devel] GnuTLS | Please prefer PFS ciphers over plain RSA ones. (#862)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu Nov 21 17:27:32 CET 2019
sebastianas created an issue: https://gitlab.com/gnutls/gnutls/issues/862
## Description of problem:
Ciphers with priority normal prefer non-PFS cipher over PFS cipher.
## Version of gnutls used:
3.6.10
## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)
Debian
## How reproducible:
Steps to Reproduce:
Connect to a server which supports TLS_RSA_AES_256_GCM_SHA384 and TLS_DHE_RSA_AES_256_GCM_SHA384 but has no server preference.
## Actual results:
Connections happens with TLS_RSA_AES_256_GCM_SHA384.
## Expected results:
Connections happens with TLS_DHE_RSA_AES_256_GCM_SHA384.
According to *gnutls-cli --list --priority NORMAL* the TLS_ECDHE_* cipher come before TLS_RSA_* but unfortunately the TLS_DHE_RSA_* cipher come last.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/862
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191121/6a067206/attachment.html>
More information about the Gnutls-devel
mailing list