On Wed, Jan 8, 2020 at 6:01 AM John Jiang <[email protected]> wrote: > > Hi, > I'm using GnuTLS 3.6.10. > It looks this version disables AES-256-CBC. > With my testing on gnutls-serv, if a client supports cipher suite > TLS_RSA_WITH_AES_256_CBC_SHA256 only, the connecting just fails. > But if the client uses TLS_RSA_WITH_AES_128_GCM_SHA256, the connection can be > established. > Could this cipher suite be enabled by priority string? > I have tried "NORMAL:+RSA:+AES-256-CBC", but it didn't work.
Hi, AES-256-CBC is not disabled. SHA256 as HMAC is. You need to add +SHA256 in a priority string. For context see: https://gitlab.com/gnutls/gnutls/issues/831 regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
