[gnutls-help] gnutls_dh_set_prime_bits question

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Feb 13 17:23:01 CET 2014

On Thu, Feb 13, 2014 at 3:02 PM, Ted Zlatanov <tzz at lifelogs.com> wrote:

> NM> Thanks. I've committed only part of it. I think mentioning the detailed
> NM> mappings to ciphersuites or algorithms should be done in an appendix (or
> NM> one can obtain the list in real-time by using gnutls-cli -l --priority
> Maybe we should mention that method at the beginning of the list of
> priority strings?

Could be nice.

> I think an auto-generated appendix would be terrific as a reference, so
> you don't have to run gnutls-cli to find out what "NORMAL" means.  For
> instance, if you're setting up priority strings in Emacs, it would be
> really nice :)  It sounds reasonably easy with some scripting.  As text
> it would be very convenient for grepping and diffing.

I agree. It may need some tweaking of printlist.c to use
gnutls_priority_get_cipher_suite_index, and some changes in the

>>> Should I mention for each priority string (I only did for "NORMAL") if
>>> it enables or disabled DHE?
> What do you think about this?

It is nice. Maybe say "it enables perfect forward secrecy (DHE,
ECDHE)" instead? I think that more people will understand the purpose
of this text if PFS is explicit.


More information about the Gnutls-help mailing list