[gnutls-help] gnutls-cli DHE preferences
nmav at gnutls.org
Sun Mar 9 20:16:49 CET 2014
On Sat, 2014-03-08 at 22:41 +0100, Jens Lechtenboerger wrote:
> Hi there,
> I just realized that gnutls-cli (188.8.131.52) prefers
> cipher suites without DHE over those with DHE, e.g.:
> TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) is preferred to
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033).
> I was hoping for forward secrecy with Diffie-Hellman by default,
> which I now must enable explicitly with option --priority=PFS.
> Is there a reason for this preference?
Yes. The problem with DHE ciphersuites is that they don't negotiate the
acceptable security level; thus when a client prioritizes DH and
receives unacceptable DH parameters can only terminate the session with
an error. This makes gnutls incompatible with these servers (there are
quite some misconfigured servers like that), so gnutls prioritizes by
default ECDHE, and RSA over DHE to promote compatibility.
More information about the Gnutls-help