hyc@symas.com wrote:
In fact, the list must be colon separated, and the "+" is required. Just listing the name will cause an error. Also, the actual suite names cannot be used, only the individual algorithm names are recognized. So instead of the suite name "TLS_RSA_AES_256_CBC_SHA1" you must specify "+AES-256-CBC:+SHA1".
To be precise, you must specify "+RSA:+AES-256-CBC:+SHA1".
This method is more error-prone, because it makes it possible to specify a list of algorithms that do not conform to any valid suite.
All in all, it may be best to revert back to using our own suite parser and ignore the one GnuTLS provides.
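The risk described in the message, that a list of individual algorithms may not combine into any valid suite, can be caught with a check before the string reaches the TLS library. The sketch below is an added example, not code from the original message or from GnuTLS. The function names `has_token` and `count_valid_suites` are hypothetical. The suite table is a constructed subset: only its first row comes from the message, and the other rows are assumed names.

```c
#include <stdio.h>
#include <string.h>

/* Constructed subset: the first row is the suite from the message; the other
 * rows are assumed GnuTLS names, included for illustration only. */
struct suite { const char *name, *kx, *cipher, *mac; };
static const struct suite suites[] = {
    { "TLS_RSA_AES_256_CBC_SHA1",     "RSA",     "AES-256-CBC", "SHA1" },
    { "TLS_DHE_RSA_AES_256_CBC_SHA1", "DHE-RSA", "AES-256-CBC", "SHA1" },
    { "TLS_RSA_ARCFOUR_MD5",          "RSA",     "ARCFOUR-128", "MD5"  },
};
#define NSUITES (sizeof(suites) / sizeof(suites[0]))

/* Return 1 if "+name" is one whole colon-separated token of list. */
static int has_token(const char *list, const char *name)
{
    size_t n = strlen(name);
    for (const char *p = list; *p; ) {
        size_t len = strcspn(p, ":");
        if (len == n + 1 && p[0] == '+' && strncmp(p + 1, name, n) == 0)
            return 1;
        p += len + (p[len] == ':');
    }
    return 0;
}

/* Return -1 if a token is empty or lacks '+'; otherwise the number of known
 * suites whose key exchange, cipher and MAC are all enabled by the list. */
int count_valid_suites(const char *list)
{
    int count = 0;
    for (const char *p = list; *p; ) {
        size_t len = strcspn(p, ":");
        if (len < 2 || p[0] != '+')
            return -1;
        p += len + (p[len] == ':');
    }
    for (size_t i = 0; i < NSUITES; i++)
        count += has_token(list, suites[i].kx) &&
                 has_token(list, suites[i].cipher) &&
                 has_token(list, suites[i].mac);
    return count;
}

int main(void)
{
    const char *lists[] = { "+RSA:+AES-256-CBC:+SHA1", "+AES-256-CBC:+SHA1",
                            "+RSA:+AES-256-CBC:+MD5", "RSA:AES-256-CBC:SHA1" };
    for (size_t i = 0; i < 4; i++)
        printf("%-26s -> %d\n", lists[i], count_valid_suites(lists[i]));
    return 0;
}
```

A result of 0 means the list is syntactically acceptable but enables no complete suite from the table, which is the misconfiguration a suite-name parser would rule out by construction.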