Re: (ITS#6251) GnuTLS cipher suite failure
hyc@symas.com wrote:
> In fact, the list must be colon separated, and the "+" is required. Just
> listing the name will cause an error. Also, the actual suite names cannot be
> used, only the individual algorithm names are recognized. So instead of the
> suite name "TLS_RSA_AES_256_CBC_SHA1" you must specify "+AES-256-CBC:+SHA1".
To be precise, you must specify "+RSA:+AES-256-CBC:+SHA1".
> This method is more error-prone, because it makes it possible to specify a
> list of algorithms that do not conform to any valid suite.
>
> All in all, it may be best to revert back to using our own suite parser and
> ignore the one GnuTLS provides.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
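
The suite-name-to-priority-string translation discussed in this message, as an added example (not code from OpenLDAP or GnuTLS). The function name `suite_to_priority` and the lookup tables are hypothetical and cover only a small constructed subset of algorithms; it generalizes the single suite named in the thread to a few others. Because it only accepts a complete key exchange, cipher and MAC triple, it cannot emit a list that matches no valid suite.

```c
#include <stdio.h>
#include <string.h>

/* Maps a component of a suite name to its priority-string algorithm name. */
struct alg { const char *suite; const char *prio; };

/* Constructed subset for illustration; not the full GnuTLS algorithm list. */
static const struct alg kx_tab[] = {
    {"DHE_RSA_", "DHE-RSA"}, {"DHE_DSS_", "DHE-DSS"}, {"RSA_", "RSA"}, {NULL, NULL} };
static const struct alg cipher_tab[] = {
    {"AES_256_CBC_", "AES-256-CBC"}, {"AES_128_CBC_", "AES-128-CBC"},
    {"3DES_EDE_CBC_", "3DES-CBC"}, {NULL, NULL} };
static const struct alg mac_tab[] = { {"SHA1", "SHA1"}, {"MD5", "MD5"}, {NULL, NULL} };

/* Consume one known component at *p; return its priority name or NULL. */
static const char *match(const struct alg *tab, const char **p)
{
    for (; tab->suite; tab++) {
        size_t n = strlen(tab->suite);
        if (strncmp(*p, tab->suite, n) == 0) { *p += n; return tab->prio; }
    }
    return NULL;
}

/* Convert e.g. "TLS_RSA_AES_256_CBC_SHA1" to "+RSA:+AES-256-CBC:+SHA1".
 * Returns 0 on success, -1 if any of the three components is missing or
 * unknown, if trailing text remains, or if the output buffer is too small. */
int suite_to_priority(const char *suite, char *out, size_t outlen)
{
    const char *p = suite, *kx, *ci, *mac;

    if (strncmp(p, "TLS_", 4) != 0) return -1;
    p += 4;
    if (!(kx = match(kx_tab, &p)) || !(ci = match(cipher_tab, &p)) ||
        !(mac = match(mac_tab, &p)) || *p != '\0')
        return -1;
    int n = snprintf(out, outlen, "+%s:+%s:+%s", kx, ci, mac);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char buf[64];
    if (suite_to_priority("TLS_RSA_AES_256_CBC_SHA1", buf, sizeof buf) == 0)
        printf("%s\n", buf);
    return 0;
}
```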