Hi,

On Fri, Jan 10, 2020 at 4:43 PM Nikos Mavrogiannopoulos <[email protected]> wrote:
> On Fri, Jan 10, 2020 at 2:22 AM John Jiang <[email protected]> wrote:
> >
> > On Thu, Jan 9, 2020 at 10:52 PM Nikos Mavrogiannopoulos <[email protected]> wrote:
> >>
> >> On Wed, Jan 8, 2020 at 6:01 AM John Jiang <[email protected]> wrote:
> >> >
> >> > Hi,
> >> > I'm using GnuTLS 3.6.10.
> >> > It looks like this version disables AES-256-CBC.
> >> > With my testing on gnutls-serv, if a client supports cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 only, the connection just fails.
> >> > But if the client uses TLS_RSA_WITH_AES_128_GCM_SHA256, the connection can be established.
> >> > Could this cipher suite be enabled by priority string?
> >> > I have tried "NORMAL:+RSA:+AES-256-CBC", but it didn't work.
> >>
> >> Hi,
> >> AES-256-CBC is not disabled. SHA256 as HMAC is. You need to add
> >> +SHA256 in a priority string.
> >
> > It works, thanks!
> >
> > BTW, could I get SSLv3.0 back?
> > I tried "NORMAL:+VERS-SSL3.0:+RSA:+SHA256", but got a protocol_version alert with TLS_RSA_WITH_AES_128_CBC_SHA and SSLv3.
> > If I used TLSv1.0 and the same cipher suite, my test passed.
>
> It is disabled by default without any option to enable. You'll need to
> recompile the library and enable ssl3 in the configure step.
>
I tried configure option "--enable-ssl3-support", and it worked. Thanks!
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help
