SRP and null cipher

Nikos Mavrogiannopoulos nmav at
Tue Sep 11 09:54:29 CEST 2012

On Sun, Sep 9, 2012 at 11:34 AM, Dmythro Tsakhilov <barsandcat at> wrote:
> To run unit tests on my network code, which uses gnutls with SRP key
> exchange, I want to substitute socket with beforehand prepared data stream.
> As I understand, same packet after encryption result in different output
> each time, so if stored data send from server, and try to feed them back to
> client during another session - it will not work.
> That could be solved if I could, some how, disable encryption for unit
> tests. I've read about NULL cipher, but could not find any documentation
> about how to switch it on with SRP extension.

SRP does not define any ciphersuites with the NULL cipher, but what you mention
wouldn't work in any case because the key of the MAC would also vary.
What you could
do is to verify against some independent implementation of TLS-SRP.


More information about the Gnutls-help mailing list