[gnutls-help] TLS_PSK cipher suite selection by priority strings

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Jul 30 13:27:48 CEST 2015


On Tue, Jul 28, 2015 at 3:13 PM, Tim Riemann <TRiemann at comprion.com> wrote:
> Hi,
> I am currently trying to run some tests with GnuTLS 3.4.1 on a self-written
> TLS-PSK server, but I am not able to select the cipher suites which I need
> to test. For example, I am not able to select TLS_PSK_AES_128_GCM_SHA256
> with the following priority string: "+PSK:+AES-128-GCM:+MAC-ALL". Using the
> tool “gnutls-priority” (https://gist.github.com/stbuehler/5693466) I
> verified that the cipher suite from above should be enabled. But if I
> connect to my TLS-PSK server, GnuTLS shows the message “Error in priorities:
> No or insufficient priorities were set.”. What priority string do I need to
> select this specific cipher suite?

If you simply need to test the PSK ciphersuites, you can start from
the "normal" priority string, and enable PSK, i.e.,
"NORMAL:-KX-ALL:+PSK". That way you ensure that all required values
are set.

> I also want to check NULL cipher suites such as “TLS_PSK_NULL_SHA1”. How can
> I configure GnuTLS to only use this cipher suite? It would be awesome if you
> can give me any hints :).

Append -CIPHER-ALL:+NULL.

regards,
Nikos
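
A way to check what the priority strings in this thread enable before connecting to the server under test, as an added example that is not part of the original message. It relies on `gnutls-cli --list --priority=...`; the function names and the regular expressions used to judge the result are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: list the cipher suites a GnuTLS priority string enables.

# Priority strings taken from the thread: the suggested base, and the same
# base with the NULL-cipher suffix appended.
PSK_BASE='NORMAL:-KX-ALL:+PSK'
PSK_NULL="$PSK_BASE:-CIPHER-ALL:+NULL"

# suite_names: read `gnutls-cli --list` output on stdin and print only the
# suite names (first column of the lines that start with TLS_).
suite_names() {
    awk '$1 ~ /^TLS_/ { print $1 }'
}

# unexpected_suites REGEX: read suite names on stdin and print those that do
# not match REGEX. Empty output means the string is as narrow as intended.
unexpected_suites() {
    grep -Ev -- "$1" || true
}

# check_priority PRIORITY REGEX
# Returns 0 when at least one suite is enabled and every one matches REGEX,
# 1 when none is enabled or an extra suite slipped in, 2 without gnutls-cli.
check_priority() {
    command -v gnutls-cli >/dev/null 2>&1 || return 2
    names=$(gnutls-cli --list --priority="$1" 2>/dev/null | suite_names)
    if [ -z "$names" ]; then
        echo "no cipher suites enabled by: $1"
        return 1
    fi
    extra=$(printf '%s\n' "$names" | unexpected_suites "$2")
    if [ -n "$extra" ]; then
        echo "suites outside /$2/ enabled by: $1"
        printf '%s\n' "$extra"
        return 1
    fi
    printf '%s\n' "$names"
}

# PSK-only run, then the NULL-only run for a lab server under test.
check_priority "$PSK_BASE" '^TLS_PSK_' || echo "PSK check: status $?"
check_priority "$PSK_NULL" '^TLS_PSK_NULL_' || echo "NULL check: status $?"
```

A status of 1 with "no cipher suites enabled" means the string was rejected or left nothing to negotiate, so the problem is in the priority string and not in the server.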