[gnutls-help] How to enable AES-256-CBC?

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Jan 9 15:52:09 CET 2020

On Wed, Jan 8, 2020 at 6:01 AM John Jiang <john.sha.jiang at gmail.com> wrote:
> Hi,
> I'm using GnuTLS 3.6.10.
> It looks this version disables AES-256-CBC.
> With my testing on gnutls-serv, if a client supports cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 only, the connecting just fails.
> But if the client uses TLS_RSA_WITH_AES_128_GCM_SHA256, the connection can be established.
> Could this cipher suite be enabled by priority string?
> I have tried "NORMAL:+RSA:+AES-256-CBC", but it didn't work.

 AES-256-CBC is not disabled. SHA256 as HMAC is. You need to add
+SHA256 in a priority string.
For context see: https://gitlab.com/gnutls/gnutls/issues/831


More information about the Gnutls-help mailing list