[gnutls-help] gnutls_dh_set_prime_bits question
nmav at gnutls.org
Thu Feb 13 17:23:01 CET 2014
On Thu, Feb 13, 2014 at 3:02 PM, Ted Zlatanov <tzz at lifelogs.com> wrote:
> NM> Thanks. I've committed only part of it. I think mentioning the detailed
> NM> mappings to ciphersuites or algorithms should be done in an appendix (or
> NM> one can obtain the list in real-time by using gnutls-cli -l --priority
> NM> NORMAL).
> Maybe we should mention that method at the beginning of the list of
> priority strings?
Could be nice.
> I think an auto-generated appendix would be terrific as a reference, so
> you don't have to run gnutls-cli to find out what "NORMAL" means. For
> instance, if you're setting up priority strings in Emacs, it would be
> really nice :) It sounds reasonably easy with some scripting. As text
> it would be very convenient for grepping and diffing.
I agree. It may need some tweaking of printlist.c to use
gnutls_priority_get_cipher_suite_index, and some changes in the
>>> Should I mention for each priority string (I only did for "NORMAL") if
>>> it enables or disabled DHE?
> What do you think about this?
It is nice. Maybe say "it enables perfect forward secrecy (DHE,
ECDHE)" instead? I think that more people will understand the purpose
of this text if PFS is explicit.
More information about the Gnutls-help