[mod_gnutls-devel] Does mod-gnutls support GCM mode?
Peter Ulber
pu at uni-konstanz.de
Fri Oct 31 23:59:55 CET 2014
Hi,
I tried hard to find suitable priority strings for my web server, using
- debian wheezy 7.6
- apache 2.2.22
- gnutls 3.3.7
- mod-gnutls 0.5.10
For TLS 1.2 I wanted to use GCM instead of CBC, but it seems that
mod-gnutls doesn't support that. It would be nice having it :)
Additionally it's hard to find out what priority strings are actually
supported. I looked it up here:
http://www.outoforder.cc/projects/apache/mod_gnutls/docs/#GnuTLSPriorities
http://gnutls.org/manual/html_node/Priority-Strings.html
It was a bit annoying because what mod-gnutls actually supports is
something in between, which I had to find out by trial and error. So I
ended up with
GnuTLSPriorities NONE:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-CBC:+CAMELLIA-256-CBC:+DHE-RSA:+SHA256:+SHA1:+SIGN-RSA-SHA256:+COMP-NULL
which has given me the following results at SSL Labs:
https://www.ssllabs.com/ssltest/analyze.html?d=mirror.uni-konstanz.de
So, to avoid e.g. padding attacks the GCM mode would be nice. Any plans?
Regards,
Peter
--
Peter Ulber ----- KIM IT Services at the University Konstanz
V404 (phone: +49 7531882622) - Mail/XMPP: pu at uni-konstanz.de
https://www.rz.uni-konstanz.de/rechenzentrum/team/peterulber
S/MIME Fingerprint: E1353193E1BD5ED2F34759168686ABAEFF1F7B9D
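Added example, not part of the original message and not mod_gnutls code: a small audit of a NONE-based priority string that lists which block-cipher modes it enables and whether an AEAD (GCM) suite could be negotiated for TLS 1.2. The VARIANT string is constructed from GnuTLS 3.x keyword names (+AES-256-GCM, +AEAD) as an assumption; whether mod-gnutls 0.5.10 accepts it is not shown on this page.

```python
# Added example (not mod_gnutls code): audit the cipher tokens of a GnuTLS
# priority string. Only strings based on NONE are fully resolved; other base
# keywords (NORMAL, SECURE256, ...) are expanded inside the library.
POSTED = ("NONE:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:"
          "+AES-256-CBC:+CAMELLIA-256-CBC:+DHE-RSA:+SHA256:+SHA1:"
          "+SIGN-RSA-SHA256:+COMP-NULL")  # the string from the post
# Constructed variant using GnuTLS 3.x keyword names (an assumption; support
# in mod-gnutls 0.5.10 is exactly what the post is asking about).
VARIANT = POSTED.replace("+AES-256-CBC", "+AES-256-GCM:+AES-256-CBC") + ":+AEAD"

CIPHER_PREFIXES = ("AES-", "CAMELLIA-", "3DES-", "ARCFOUR-", "CHACHA20-")
AEAD_MARKERS = ("-GCM", "-CCM", "-POLY1305")


def enabled_tokens(priority):
    """Apply +TOKEN / -TOKEN / !TOKEN in order; return (base, enabled list)."""
    tokens = [t for t in priority.split(":") if t]
    base = tokens[0] if tokens and tokens[0][0] not in "+-!%" else None
    enabled = []
    for tok in tokens:
        op, name = tok[0], tok[1:]
        if op == "+" and name not in enabled:
            enabled.append(name)
        elif op in "-!" and name in enabled:
            enabled.remove(name)
    return base, enabled


def audit(priority):
    base, enabled = enabled_tokens(priority)
    ciphers = [n for n in enabled if n.startswith(CIPHER_PREFIXES)]
    aead = [c for c in ciphers if any(m in c for m in AEAD_MARKERS)]
    cbc = [c for c in ciphers if c.endswith("-CBC")]
    tls12 = "VERS-TLS1.2" in enabled or "VERS-TLS-ALL" in enabled
    # GCM suites are selected through the AEAD pseudo-MAC, so a NONE-based
    # string needs +AEAD as well as the cipher itself.
    aead_usable = bool(aead) and "AEAD" in enabled and tls12
    return {
        "resolved": base == "NONE",   # False: result is only a lower bound
        "cbc": cbc,
        "aead": aead,
        "tls12_aead_usable": aead_usable,
        "tls12_cbc_only": tls12 and bool(cbc) and not aead_usable,
    }


if __name__ == "__main__":
    for label, s in (("posted", POSTED), ("variant", VARIANT)):
        print(label, audit(s))
```

The audit only reads the string; what a given server build really offers still has to be confirmed against the running service, as the author did with SSL Labs.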