On Fri, Jan 10, 2020 at 2:22 AM John Jiang <[email protected]> wrote: > > On Thu, Jan 9, 2020 at 10:52 PM Nikos Mavrogiannopoulos <[email protected]> > wrote: >> >> On Wed, Jan 8, 2020 at 6:01 AM John Jiang <[email protected]> wrote: >> > >> > Hi, >> > I'm using GnuTLS 3.6.10. >> > It looks this version disables AES-256-CBC. >> > With my testing on gnutls-serv, if a client supports cipher suite >> > TLS_RSA_WITH_AES_256_CBC_SHA256 only, the connecting just fails. >> > But if the client uses TLS_RSA_WITH_AES_128_GCM_SHA256, the connection can >> > be established. >> > Could this cipher suite be enabled by priority string? >> > I have tried "NORMAL:+RSA:+AES-256-CBC", but it didn't work. >> >> Hi, >> AES-256-CBC is not disabled. SHA256 as HMAC is. You need to add >> +SHA256 in a priority string. > > It works, thanks! > > BTW, could I get SSLv3.0 back? > I tried "NORMAL:+VERS-SSL3.0:+RSA:+SHA256", but got protocol_version alert > with TLS_RSA_WITH_AES_128_CBC_SHA and SSLv3. > If used TLSv1.0 and the same cipher suite, my test passed.
It is disabled by default without any option to enable. You'll need to recompile the library and enable ssl3 in the configure step. regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
