[gnutls-help] priority strings

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Aug 20 15:06:26 CEST 2018


On Mon, Aug 20, 2018 at 2:59 PM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
>>>
>>>> How about
>>>> NORMAL:-VERS-ALL:+VERS-TLS-ALL:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+CAMELLIA-256-GCM:-COMP-ALL:+COMP-NULL
>>>
>>> That is certainly much better, but from the perspective of someone who
>>> has seen many of these priority strings in applications, I'd
>>> really recommend using the defaults.
>>
>> The use-case here is for testing an application.  So I need
>> to be able to set odd combinations, for example to check
>> what happens at application level when the TLS connect
>> fails for lack of compatible key-exchange.
>>
>> Having to make the testsuite tls-library-version aware
>> would be sucky.
>>
>> Also fails, presumably for equivalent reasons:
>>
>> gnutls_priority_init(NORMAL:!MAC-ALL:+MD5) failed at offset 0,
>> "NORMAL.."): No or insufficient priorities were set.
>
> Because you are adding MD5 which is only available in combination with
> RC4. RC4 is no longer included in the NORMAL set, so you'd need
> something like:
> 'NORMAL:-MAC-ALL:+MD5:+ARCFOUR-128'

Do you have a list of strings with NONE that fail with 3.6.x? Maybe we
can have a work-around and enable any missing items in that case,
though it will be tricky to distinguish intentionally leaving out
parameters from doing so unintentionally.

regards,
Nikos
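
For the test-suite use case discussed in this thread, a suite can probe at run time which priority strings the installed GnuTLS accepts instead of tracking library versions. The script below is an added example, not code from the thread or from GnuTLS; it relies on `gnutls-cli --list --priority`, and the function names and the `GNUTLS_CLI` override variable are assumptions.

```shell
#!/bin/sh
# Added example: probe which priority strings the installed GnuTLS accepts.
# GNUTLS_CLI is an assumed override variable for pointing at another binary.

# priority_ok STRING -> exit 0 if the priority string parses successfully.
# "gnutls-cli --list --priority" parses the string and exits non-zero on error.
priority_ok() {
    "${GNUTLS_CLI:-gnutls-cli}" --list --priority "$1" >/dev/null 2>&1
}

# first_usable STRING... -> print the first accepted candidate; exit 1 if none.
# Lets a test list a preferred string followed by fallbacks.
first_usable() {
    for p in "$@"; do
        if priority_ok "$p"; then
            printf '%s\n' "$p"
            return 0
        fi
    done
    return 1
}

# classify STRING... -> one "ok"/"rejected" line per candidate, for a test log.
classify() {
    for p in "$@"; do
        if priority_ok "$p"; then state=ok; else state=rejected; fi
        printf '%-9s %s\n' "$state" "$p"
    done
}

# Candidates are the strings quoted in the thread above.
if command -v "${GNUTLS_CLI:-gnutls-cli}" >/dev/null 2>&1; then
    classify 'NORMAL' \
             'NORMAL:!MAC-ALL:+MD5' \
             'NORMAL:-MAC-ALL:+MD5:+ARCFOUR-128'
fi
```

A test that needs an odd combination can call `first_usable` and skip itself when nothing is accepted, rather than failing inside `gnutls_priority_init`.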


