Re: (ITS#6251) GnuTLS cipher suite failure

12 Aug 2009


      hyc@symas.com wrote:
...
In fact, the list must be colon separated, and the "+" is required. Just
listing the name will cause an error. Also, the actual suite names cannot be
used, only the individual algorithm names are recognized. So instead of the
suite name "TLS_RSA_AES_256_CBC_SHA1" you must specify "+AES-256-CBC:+SHA1".
To be precise, you must specify "+RSA:+AES-256-CBC:+SHA1".
...
This method is more error-prone, because it makes it possible to specify a
list of algorithms that do not conform to any valid suite.
All in all, it may be best to revert back to using our own suite parser and
ignore the one GnuTLS provides.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: (ITS#6251) GnuTLS cipher suite failure