[gnutls-help] How to enable AES-256-CBC?

John Jiang john.sha.jiang at gmail.com
Fri Jan 10 02:21:48 CET 2020


On Thu, Jan 9, 2020 at 10:52 PM Nikos Mavrogiannopoulos <nmav at gnutls.org>
wrote:

> On Wed, Jan 8, 2020 at 6:01 AM John Jiang <john.sha.jiang at gmail.com>
> wrote:
> >
> > Hi,
> > I'm using GnuTLS 3.6.10.
> > It looks like this version disables AES-256-CBC.
> > With my testing on gnutls-serv, if a client supports cipher suite
> > TLS_RSA_WITH_AES_256_CBC_SHA256 only, the connection just fails.
> > But if the client uses TLS_RSA_WITH_AES_128_GCM_SHA256, the connection
> > can be established.
> > Could this cipher suite be enabled by priority string?
> > I have tried "NORMAL:+RSA:+AES-256-CBC", but it didn't work.
>
> Hi,
>  AES-256-CBC is not disabled. SHA256 as HMAC is. You need to add
> +SHA256 in a priority string.
>
It works, thanks!

BTW, could I get SSLv3.0 back?
I tried "NORMAL:+VERS-SSL3.0:+RSA:+SHA256", but got a protocol_version alert
with TLS_RSA_WITH_AES_128_CBC_SHA and SSLv3.
If I used TLSv1.0 and the same cipher suite, my test passed.


> For context see: https://gitlab.com/gnutls/gnutls/issues/831
>
> regards,
> Nikos
>
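
The diagnosis in this thread (the cipher is enabled, the HMAC is not) can be read off the summary lines of a priority-string listing. The following is an added example, not part of the original messages: the helper names and the two sample listings are constructed here, and the "Ciphers:", "MACs:" and "Key Exchange Algorithms:" line format is assumed to match what `gnutls-cli --list --priority` prints.

```shell
#!/bin/sh
# Added example: find which component of a CBC/HMAC suite a GnuTLS priority
# string leaves out. Assumption: the listing carries summary lines of the
# form "Label: item, item, ..." as in `gnutls-cli --list --priority STRING`.

# Constructed sample listings (not captured from a real run), summary lines only.
LISTING_WITHOUT_SHA256='Ciphers: AES-256-GCM, AES-128-GCM, AES-256-CBC, AES-128-CBC
MACs: SHA1, AEAD
Key Exchange Algorithms: ECDHE-RSA, RSA'

LISTING_WITH_SHA256='Ciphers: AES-256-GCM, AES-128-GCM, AES-256-CBC, AES-128-CBC
MACs: SHA1, AEAD, SHA256
Key Exchange Algorithms: ECDHE-RSA, RSA'

# has_item LABEL ITEM
# Reads a listing on stdin; succeeds only if ITEM is an exact entry on the
# "LABEL: ..." line (so SHA1 does not satisfy a query for SHA256).
has_item() {
    awk -v label="$1" -v item="$2" '
        index($0, label ": ") == 1 {
            n = split(substr($0, length(label) + 3), parts, /, */)
            for (i = 1; i <= n; i++)
                if (parts[i] == item) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# missing_parts LISTING CIPHER MAC KX
# Prints the components of the suite that the listing does not enable,
# as space-separated "kind:name" pairs; prints an empty line if none.
missing_parts() {
    out=""
    printf '%s\n' "$1" | has_item "Ciphers" "$2" || out="$out cipher:$2"
    printf '%s\n' "$1" | has_item "MACs" "$3" || out="$out mac:$3"
    printf '%s\n' "$1" | has_item "Key Exchange Algorithms" "$4" || out="$out kx:$4"
    echo "${out# }"
}

# TLS_RSA_WITH_AES_256_CBC_SHA256 needs RSA key exchange, AES-256-CBC and SHA256.
missing_parts "$LISTING_WITHOUT_SHA256" AES-256-CBC SHA256 RSA
missing_parts "$LISTING_WITH_SHA256" AES-256-CBC SHA256 RSA
```

Against an installed GnuTLS, pass `"$(gnutls-cli --list --priority 'NORMAL:+RSA:+AES-256-CBC')"` as the first argument instead of a sample listing.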