[gnutls-help] Reliable algorithm string

Ben Boeckel mathstuf at gmail.com
Wed Oct 14 02:55:31 CEST 2015


Hi,

For a couple projects (right now task[1] and eventd[2]), I'm trying to
get them to use a protocol string to enforce better encryption (or,
rather, disable known-bad encryption). The problem is that the string to
control this is a really bad API stability point. If an algorithm that
is excluded by the string is removed in GnuTLS, the whole string is
considered invalid. For example:

    %SERVER_PRECEDENCE:NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-3DES-CBC:-ARCFOUR-128:-ARCFOUR-40:-MD5

will fail on newer GnuTLS versions (at least 3.4.5) because ARCFOUR
support has (apparently?) been removed. But it needs to be there to turn
it off on older GnuTLS versions.

Is there a way to construct such a string to be compatible across a wide
range of GnuTLS versions?

(Please keep me CC'd; I am not subscribed.)

Thanks,

--Ben

[1]http://taskwarrior.org/
[2]http://www.eventd.org/
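One way to tolerate this kind of drift, as an added example that is not part of Ben's message nor of task's or eventd's code: call gnutls_priority_init(), and when it fails with GNUTLS_E_INVALID_REQUEST use the err_pos pointer it hands back (GnuTLS sets it to the start of the keyword it could not parse) to drop that one keyword and retry. The helper only drops keywords that begin with '-', on the reasoning that removing "-X" for an algorithm the library no longer knows cannot re-enable anything, whereas silently dropping a misspelled "+X" or "NORMAL" would change the policy. The retry strategy, the HAVE_GNUTLS guard and the function names are this example's own assumptions, not a GnuTLS facility.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Remove, in place, the ':'-separated keyword that starts at `bad` from the
 * priority string `prio`.  `bad` is a pointer into `prio`, in the same form
 * as the err_pos that gnutls_priority_init() returns.  Only keywords that
 * start with '-' (algorithm removals) are pruned, because dropping one of
 * those cannot make the policy weaker.  Returns 1 if a keyword was removed,
 * 0 if `bad` is outside the string or the keyword is not a removal. */
int prune_keyword(char *prio, const char *bad)
{
    size_t len = strlen(prio);
    if (bad == NULL || bad < prio || bad >= prio + len)
        return 0;
    size_t start = (size_t)(bad - prio);
    if (prio[start] != '-')
        return 0;                       /* refuse to drop "+X", "NORMAL", "%FLAG" */
    size_t end = start;
    while (prio[end] != '\0' && prio[end] != ':')
        end++;
    /* Take exactly one separator with the keyword. */
    if (prio[end] == ':')
        end++;                          /* keyword in the middle: drop the ':' after it */
    else if (start > 0 && prio[start - 1] == ':')
        start--;                        /* last keyword: drop the ':' before it */
    memmove(prio + start, prio + end, len - end + 1);   /* +1 copies the NUL */
    return 1;
}

#ifdef HAVE_GNUTLS
#include <gnutls/gnutls.h>

/* Initialise a priority cache from `prio`; on GNUTLS_E_INVALID_REQUEST drop
 * the keyword GnuTLS pointed at and retry, at most `max_tries` times.
 * Every dropped keyword is logged so the effective policy stays auditable.
 * Returns 0 on success or the last GnuTLS error code. */
int init_priority_tolerant(gnutls_priority_t *pc, char *prio, int max_tries)
{
    int rc = GNUTLS_E_INVALID_REQUEST;
    for (int i = 0; i < max_tries; i++) {
        const char *err = NULL;
        rc = gnutls_priority_init(pc, prio, &err);
        if (rc == 0)
            return 0;
        if (rc != GNUTLS_E_INVALID_REQUEST || err == NULL)
            return rc;
        fprintf(stderr, "priority: unknown keyword at \"%s\"\n", err);
        if (!prune_keyword(prio, err))
            return rc;                  /* not a removal keyword: do not guess */
        fprintf(stderr, "priority: retrying with \"%s\"\n", prio);
    }
    return rc;
}
#endif

int main(void)
{
    /* The string from the message above; a writable copy because pruning is in place. */
    char prio[] = "%SERVER_PRECEDENCE:NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:"
                  "-3DES-CBC:-ARCFOUR-128:-ARCFOUR-40:-MD5";
#ifdef HAVE_GNUTLS
    gnutls_priority_t pc;
    int rc = init_priority_tolerant(&pc, prio, 8);
    if (rc != 0) {
        fprintf(stderr, "gnutls_priority_init: %s\n", gnutls_strerror(rc));
        return 1;
    }
    gnutls_priority_deinit(pc);
#else
    /* Without GnuTLS, simulate err_pos pointing at a keyword a newer release rejects. */
    const char *err = strstr(prio, "-ARCFOUR-40");
    prune_keyword(prio, err);
#endif
    printf("effective priority string: %s\n", prio);
    return 0;
}
```

Build with -DHAVE_GNUTLS and -lgnutls to exercise the real retry loop; without them the program only runs the pruning step. Cap the retries and log each drop: a priority string that needs many rounds of pruning is a sign the string, not the library, should be revisited.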



More information about the Gnutls-help mailing list