On Wed, 30 Mar 2005, Nikos Mavrogiannopoulos wrote:
Off the top of my head I can't think of a good reason to use DHE_RSA for an SSL server as it doesn't have to sign anything, right?
Key usage: Key encipherment.
This only works with plain RSA cipher suites. That means that your server MUST NOT use DHE_RSA, which is a signing ciphersuite.
So disabling it wouldn't pose a problem.
Besides the fact that this should be valid for all kinds of TLS servers, it looks okay to me.
No, this is not valid for all TLS servers. Only for the ones that use plain RSA.
I see.
[ gnutls checking scope ]
Only the key usage.
Is it really a good idea to be more strict here than e.g. openssl?
Because I do know of several servers which do have this problem when being used by clients which are linked against gnutls.
bye, andreas
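
The key usage rule discussed in this thread, as an added example that is not part of the original message and is not GnuTLS or OpenSSL code: it decodes a certificate's KeyUsage extension value and lists which of the two key exchanges (plain RSA, DHE_RSA) that certificate permits. The function names and the sample byte strings are constructed for illustration.

```python
# Added example; names are illustrative, not a GnuTLS or OpenSSL API.

# KeyUsage bit names in bit order (RFC 5280, section 4.2.1.3).
KEY_USAGE_NAMES = ["digitalSignature", "nonRepudiation", "keyEncipherment",
                   "dataEncipherment", "keyAgreement", "keyCertSign",
                   "cRLSign", "encipherOnly", "decipherOnly"]

# What the server's RSA key has to do in each key exchange.
REQUIRED_USAGE = {
    "RSA": "keyEncipherment",       # client encrypts the premaster secret to the key
    "DHE_RSA": "digitalSignature",  # server signs its ephemeral DH parameters
}


def parse_key_usage(der: bytes) -> set:
    """Decode the DER BIT STRING that forms the KeyUsage extension value."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length = der[1]
    if length & 0x80 or length != len(der) - 2:
        raise ValueError("unsupported or inconsistent length")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("bad unused-bits count")
    usages = set()
    for bit in range(len(payload) * 8 - unused):
        if payload[bit // 8] & (0x80 >> (bit % 8)):
            name = KEY_USAGE_NAMES[bit] if bit < len(KEY_USAGE_NAMES) else f"bit{bit}"
            usages.add(name)
    return usages


def allowed_key_exchanges(key_usage_der) -> list:
    """Key exchanges the certificate permits; None means no KeyUsage extension."""
    if key_usage_der is None:
        return sorted(REQUIRED_USAGE)  # extension absent: no restriction
    usages = parse_key_usage(key_usage_der)
    return sorted(kx for kx, need in REQUIRED_USAGE.items() if need in usages)


# Constructed sample extension values (not taken from any real certificate).
ENCIPHER_ONLY = bytes.fromhex("03020520")      # keyEncipherment
SIGN_ONLY = bytes.fromhex("03020780")          # digitalSignature
SIGN_AND_ENCIPHER = bytes.fromhex("030205a0")  # digitalSignature + keyEncipherment

if __name__ == "__main__":
    for label, der in [("encipher only", ENCIPHER_ONLY), ("sign only", SIGN_ONLY),
                       ("both", SIGN_AND_ENCIPHER), ("no extension", None)]:
        print(f"{label:14} -> {allowed_key_exchanges(der)}")
```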
