nmav at gnutls.org
Wed Jan 4 17:33:55 CET 2012
On 01/04/2012 05:07 PM, Florian Weimer wrote:
> * Nikos Mavrogiannopoulos:
>> ** libgnutls: Added new priority string %SERVER_PRECEDENCE, which
>> changes the ciphersuite selection procedure. If specified the server
>> priorities will be used for selection instead of the client's.
> Is it true that without %SERVER_PRECEDENCE (and in earlier versions),
> the GNUTLS client only looks at its own cipher list, and does not
> restrict itself to the intersection of its own suites and that provided
> by the server?
%SERVER_PRECEDENCE has no effect if given in client side. It affects how the server selects the ciphersuite from the common supported.
> We're seeing interop issues with a TLSv1.2 server which advertises are
> fairly restricted list of cipher suites.
What do you see?
More information about the Gnutls-help