On Thu, Jan 9, 2020 at 10:52 PM Nikos Mavrogiannopoulos <[email protected]> wrote:
> On Wed, Jan 8, 2020 at 6:01 AM John Jiang <[email protected]> > wrote: > > > > Hi, > > I'm using GnuTLS 3.6.10. > > It looks this version disables AES-256-CBC. > > With my testing on gnutls-serv, if a client supports cipher suite > TLS_RSA_WITH_AES_256_CBC_SHA256 only, the connecting just fails. > > But if the client uses TLS_RSA_WITH_AES_128_GCM_SHA256, the connection > can be established. > > Could this cipher suite be enabled by priority string? > > I have tried "NORMAL:+RSA:+AES-256-CBC", but it didn't work. > > Hi, > AES-256-CBC is not disabled. SHA256 as HMAC is. You need to add > +SHA256 in a priority string. > It works, thanks! BTW, could I get SSLv3.0 back? I tried "NORMAL:+VERS-SSL3.0:+RSA:+SHA256", but got protocol_version alert with TLS_RSA_WITH_AES_128_CBC_SHA and SSLv3. If used TLSv1.0 and the same cipher suite, my test passed. > For context see: https://gitlab.com/gnutls/gnutls/issues/831 > > regards, > Nikos >
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
