[gnutls-devel] GnuTLS | Disable RSAES-PKCS1-v1.5 by default (!1828)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Sat Mar 30 02:54:18 CET 2024




Daiki Ueno started a new discussion on doc/cha-config.texi: https://gitlab.com/gnutls/gnutls/-/merge_requests/1828#note_1838589916

>  @subsection Enabling KTLS
>  When GnuTLS is build with -–enable-ktls configuration, KTLS is disabled by default.
>  This can be enabled by setting @code{ktls = true} in @code{[global]} section.
> +
> +
> + at node Enabling/Disabling RSAES-PKCS1-v1_5
> + at section Enabling/Disabling RSAES-PKCS1-v1_5
> +
> +This option can be used to enable/disable RSA PKCS1 v1.5 encryption and decryption
> +in GnuTLS. The RSAES-PKCS1-v1_5 is enabled by default.
> +
> +Below example shows how to explicitely disable the RSAES-PKCS1-v1_5.
> + at example
> +[global]
> +allow-rsa-pkcs1-encrypt = false
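
Review bot: The added sentence "The RSAES-PKCS1-v1_5 is enabled by default." does not match the merge request title, "Disable RSAES-PKCS1-v1.5 by default". Please confirm which default ships and make the documentation state it, since an administrator reading this section decides from it whether the option must be set at all. If the default is disabled, the example should show how to enable the algorithm rather than how to disable it. Two wording fixes in the same paragraph: "explicitely" should be "explicitly", and "Below example shows" reads better as "The example below shows".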

Sorry for the last minute request, but I think it's more natural to have it in the `[overrides]` section, with other algorithm specific controls.
