[mod_gnutls-devel] Does mod-gnutls supports GCM mode?

Peter Ulber pu at uni-konstanz.de
Fri Oct 31 23:59:55 CET 2014


I tried hard to find suitable priority strings for my web server, using

- debian wheezy 7.6 
- apache 2.2.22
- gnutls 3.3.7
- mod-gnutls 0.5.10

For TLS 1.2 I wanted to use GCM instead of CBC, but it seems that
mod-gnutls doesn't support that. It would be nice having it :)

Additionally it's hard to find out what priority strings are actually
supported. I looked it up here:


It was a bit annoying because what mod-gnutls actually supports is
something in between, which I had to find out by trial and error. So I
ended up with

GnuTLSPriorities NONE:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:

which have given me the following results at SSL Labs


So, to avoid e.g. padding attacks the GCM mode would be nice. Any plans?


Peter Ulber ----- KIM IT Services at the University Konstanz
V404 (phone: +49 7531882622) - Mail/XMPP: pu at uni-konstanz.de
S/MIME Fingerprint: E1353193E1BD5ED2F34759168686ABAEFF1F7B9D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6192 bytes
Desc: not available
URL: </pipermail/attachments/20141031/2ed60892/attachment-0001.bin>

More information about the mod_gnutls-devel mailing list