On Mon, Aug 20, 2018 at 2:59 PM, Nikos Mavrogiannopoulos <[email protected]> wrote: >>> >>>> How about >>>> NORMAL:-VERS-ALL:+VERS-TLS-ALL:-KX-ALL:+RSA:-CIPHER-ALL:+AES-128-CBC:+CAMELLIA-256-GCM:-COMP-ALL:+COMP-NULL >>> >>> That is certainly much better, but from the perspective of someone who >>> has seen numerous of these priority strings in applications, I'd >>> really recommend using the defaults. >> >> The use-case here is for testing an application. So I need >> to be able to set odd combinations, for example to check >> what happens at application level when the TL connect >> fails for lack of compatible key-exchange. >> >> Having to make the testsuite tls-library-version aware >> would be sucky. >> >> >> >> >> Also fails, presumably for equivalent reasons: >> >> gnutls_priority_init(NORMAL:!MAC-ALL:+MD5) failed at offset 0, >> "NORMAL.."): No or insufficient priorities were set. > > Because you are adding MD5 which is only available in combination with > RC4. RC4 is no longer included in the NORMAL set, so you'd need > something like: > 'NORMAL:-MAC-ALL:+MD5:+ARCFOUR-128'
Do you have a list of strings with NONE that fail with 3.6.x? Maybe we can have a work-around and enable any missing items in that case, though it will be tricky to distinguish intentional leaving out of parameters and unintentional one. regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
