kx srp vs dhe

Adda Rathbone addarathbone at googlemail.com
Sun Dec 13 22:59:33 CET 2009

I am writing a server using gnutls. The main idea was that a user
connects with a password. For that reason I want to use the SRP
authentication and as fallback the normal x509 authentication.

However if I use the gnutls_certificate_set_dh_params()
function in my server program, my srp client won't use the SRP kx
anymore (now it uses DHE-RSA).
Is there a reason for this behaviour?

I thought SRP would behave like PSK (PSK is not affected). 
Does this mean SRP kx is not as secure as DHE kx?

Thank you
Adda Rathbone

client prio. settings: "SECURE256:+SRP"
server prio. settings: "SECURE256:+SRP:+SRP-DSS:+SRP-RSA"

More information about the Gnutls-help mailing list