[gnutls-help] gnutls-cli DHE preferences

[Jens Lechtenboerger]

Hi there,

I just realized that gnutls-cli (3.2.12.1) prefers 
cipher suites without DHE over those with DHE, e.g.:
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) is preferred to
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033).

I was hoping for forward secrecy with Diffie-Hellman by default,
which I now must enable explicitly with option --priority=PFS.

Is there a reason for this preference?

Best wishes
Jens