priority strings behavior

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Jul 23 15:47:10 CEST 2011


On 07/05/2011 08:41 AM, ben thielsen wrote:
> hi-
> 
> i'm experimenting a bit with setting specific priority strings.
> i've been reading some of the documentation, namely gnutls.pdf from 
> http://www.gnu.org/software/gnutls/documentation.html and man 1 
> gnutls-cli, but i think some of the nuances are escaping me.  i get 
> the feeling that specifying certain things [specifically, cipher 
> suites] will inherently also enable other certain things - is this 
> true?  are the cipher suites just shorthand methods for enabling 
> multiple other specific things at once?  is there somewhere 
> documented which settings turn on other settings, and what they are?
> 
> more specifically, i'd like to enable only the following:
[...]
> ...it seems like there's some contradiction between the list of 
> cipher suites and the list of MACs?  i can somehow use sha512, but 
> none of the cipher suites can?

Gnutls priority strings are flexible and might allow more combinations
than the actual ciphersuites. If you want to pick a specific set of
algorithms it is better to pick a ciphersuite and use the algorithms it
consists from.

regards,
Nikos





More information about the Gnutls-help mailing list