[gnutls-help] gnutls-cli DHE preferences

Jens Lechtenboerger jens.lechtenboerger at fsfe.org
Sat Mar 8 22:41:41 CET 2014

Hi there,

I just realized that gnutls-cli ( prefers 
cipher suites without DHE over those with DHE, e.g.:
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) is preferred to

I was hoping for forward secrecy with Diffie-Hellman by default,
which I now must enable explicitly with option --priority=PFS.

Is there a reason for this preference?

Best wishes

More information about the Gnutls-help mailing list