Hi,

For a couple projects (right now task[1] and eventd[2]), I'm trying to
get them to use a protocol string to enforce better encryption (or,
rather, disable known-bad encryption). The problem is that the string to
control this is a really bad API stability point. If an algorithm that
is excluded by the string is removed in GnuTLS, the whole string is
considered invalid. For example:

    %SERVER_PRECEDENCE:NORMAL:-VERS-SSL3.0:-VERS-TLS1.0:-3DES-CBC:-ARCFOUR-128:-ARCFOUR-40:-MD5

will fail on newer GnuTLS versions (at least 3.4.5) because ARCFOUR
support has (apparently?) been removed. But it needs to be there to turn
it off on older GnuTLS versions.

Is there a way to construct such a string to be compatible across a wide
range of GnuTLS versions?

(Please keep me CC'd; I am not subscribed.)

Thanks,

--Ben

[1]http://taskwarrior.org/
[2]http://www.eventd.org/
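
One way to handle the failure described in the message above, as an added example that is not part of the original post or of either project's code: rebuild the string token by token and skip only the "-X" removals that the installed library rejects, since excluding an algorithm the library no longer has changes nothing. The names prio_ok_fn, compatible_priority, newer_ok and older_ok are hypothetical; the two checkers are constructed stand-ins that mimic the behaviour the post reports, and a real caller would assumedly wrap gnutls_priority_init() in their place.

```c
#include <stdio.h>
#include <string.h>

/* Nonzero if the library accepts the string. Assumption: a real caller
 * wraps gnutls_priority_init() here and reports success or failure. */
typedef int (*prio_ok_fn)(const char *prio);

/* Rebuild `wanted` token by token, skipping only "-X" removals that make
 * the library reject the string. Returns the number skipped, -1 on error. */
int compatible_priority(const char *wanted, prio_ok_fn ok, char *out, size_t cap)
{
    size_t len = 0;
    int dropped = 0;
    if (cap == 0) return -1;
    out[0] = '\0';
    while (*wanted) {
        size_t n = strcspn(wanted, ":"), sep = len ? 1 : 0;
        if (len + sep + n + 1 > cap) return -1;
        if (sep) out[len] = ':';
        memcpy(out + len + sep, wanted, n);
        out[len + sep + n] = '\0';
        if (wanted[0] == '-' && !ok(out)) {
            out[len] = '\0';          /* roll back the rejected removal */
            dropped++;
        } else {
            len += sep + n;
        }
        wanted += n;
        if (*wanted == ':') wanted++;
    }
    return ok(out) ? dropped : -1;    /* anything else invalid stays fatal */
}

/* Constructed stand-ins: one build without ARCFOUR, one that has it. */
static int newer_ok(const char *p) { return strstr(p, "ARCFOUR") == NULL; }
static int older_ok(const char *p) { (void)p; return 1; }

int main(void)
{
    const char *want = "%SERVER_PRECEDENCE:NORMAL:-VERS-SSL3.0:-VERS-TLS1.0"
                       ":-3DES-CBC:-ARCFOUR-128:-ARCFOUR-40:-MD5";
    char buf[256];
    int n = compatible_priority(want, newer_ok, buf, sizeof buf);
    printf("newer: dropped %d -> %s\n", n, buf);
    n = compatible_priority(want, older_ok, buf, sizeof buf);
    printf("older: dropped %d -> %s\n", n, buf);
    return 0;
}
```

Skipping a removal is only safe when the library rejects it because the algorithm is gone from that build, so a caller should log which tokens were skipped and treat a typo in the string as a configuration error.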
