[gnutls-help] Reliable algorithm string

Ben Boeckel mathstuf at gmail.com
Wed Oct 14 02:55:31 CEST 2015


For a couple projects (right now task[1] and eventd[2]), I'm trying to
get them to use a protocol string to enforce better encryption (or,
rather, disable known-bad encryption). The problem is that the string to
control this is a really bad API stability point. If an algorithm that
is excluded by the string is removed in GnuTLS, the whole string is
considered invalid. For example:


will fail on newer GnuTLS versions (at least 3.4.5) because ARCFOUR
support has (apparently?) been removed. But it needs to be there to turn
it off on older GnuTLS versions.

Is there a way to construct such a string to be compatible across a wide
range of GnuTLS versions?

(Please keep me CC'd; I am not subscribed.)




More information about the Gnutls-help mailing list