[gnutls-help] gnutls-cli DHE preferences

Jens Lechtenboerger jens.lechtenboerger at fsfe.org
Sat Mar 8 22:41:41 CET 2014


Hi there,

I just realized that gnutls-cli (3.2.12.1) prefers 
cipher suites without DHE over those with DHE, e.g.:
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) is preferred to
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033).

I was hoping for forward secrecy with Diffie-Hellman by default,
which I now must enable explicitly with option --priority=PFS.

Is there a reason for this preference?

Best wishes
Jens



More information about the Gnutls-help mailing list