Hi there, I just realized that gnutls-cli (3.2.12.1) prefers cipher suites without DHE over those with DHE, e.g.: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) is preferred to TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033).
I was hoping for forward secrecy with Diffie-Hellman by default, which I now must enable explicitly with option --priority=PFS. Is there a reason for this preference? Best wishes Jens _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
