On Sun, 2015-02-15 at 19:06 +0100, Alessandro Carminati wrote:
> Hello,
>
> thank you for answered my help request.
>
> The following is the iksemel function handshake where I issue is
> spawned.
>
> static int handshake (struct stream_data *data)
> {
> const int protocol_priority[] = { GNUTLS_TLS1, GNUTLS_SSL3,
> 0 };
> const int kx_priority[] = { GNUTLS_KX_RSA, 0 };
> const int cipher_priority[] = { GNUTLS_CIPHER_3DES_CBC,
> GNUTLS_CIPHER_ARCFOUR, 0};
> const int comp_priority[] = { GNUTLS_COMP_ZLIB,
> GNUTLS_COMP_NULL, 0 };
> const int mac_priority[] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5,
No doubt this doesn't work any more. It's a very old gnutls API, and
these settings disable anything "new" like AES, and also disables
forward secrecy. It is very likely that the selected combination of
ciphers is considered insecure by the server.
The best would be to convert this code to use the recommended way to set
ciphers, i.e., call:
gnutls_set_default_priority(session);
As in:
http://www.gnutls.org/manual/gnutls.html#Simple-client-example-with-X_002e509-certificate-support
regards,
Nikos
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
