Hello,
Our Diameter server solution consists of a C++ Diameter server and its stand-in
counterpart implemented in Java, meaning that in case the C++ Diameter server
has an operational problem, the backup written in Java takes over for as long as
necessary.
The C++ server utilizes GNU TLS functionality (currently version 2.2.5 using
the openssl compatibility layer) for providing security for TCP communication,
and the one written in Java (version 1.5) uses the TLS functionality in JSSE.
The sets of ciphersuites supported by these two libraries differ from each
other.
Since both Diameter servers should provide an (almost) identical Diameter
interface to a client, it should be possible to enable the same ciphersuites
for both of the implementations. So both should offer the same set of
ciphersuites to a Diameter client.
Our problem in the case of GNU TLS is that we are not able to exclude a specific
ciphersuite (as in the case of JSSE) before the TLS handshake, but only a set of
ciphersuites corresponding to a cipher algorithm (or a key exchange algorithm
or a MAC algorithm) by modifying the arrays cipher_priority, kx_priority and
mac_priority accordingly, i.e. it does not seem possible to us, for example, to
exclude the ciphersuite TLS_DHE_DSS_ARCFOUR_SHA1 but not TLS_RSA_ARCFOUR_SHA1.
Does the current GNU TLS library (v. 2.2.5) provide a solution (that we have
overlooked)?
Thanks a lot,
Liisa & Scott
_______________________________________________
Help-gnutls mailing list
http://lists.gnu.org/mailman/listinfo/help-gnutls
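
As an added illustration (not part of the original message and not GnuTLS code): a small C model of the behaviour the post describes, assuming a suite is offered only when its key exchange, cipher and MAC each appear in the corresponding priority list. The four-suite catalogue, `extra_suites` and the sample selections are constructed for this example; it shows why dropping only TLS_DHE_DSS_ARCFOUR_SHA1 cannot be expressed with per-algorithm lists, while dropping every ARCFOUR suite can.

```c
#include <stdio.h>
#include <string.h>

/* Constructed, partial catalogue: part[] = {key exchange, cipher, MAC}. */
struct suite { const char *name; const char *part[3]; };
static const struct suite CATALOGUE[] = {
    {"TLS_RSA_ARCFOUR_SHA1",         {"RSA",     "ARCFOUR",     "SHA1"}},
    {"TLS_DHE_DSS_ARCFOUR_SHA1",     {"DHE_DSS", "ARCFOUR",     "SHA1"}},
    {"TLS_RSA_AES_128_CBC_SHA1",     {"RSA",     "AES_128_CBC", "SHA1"}},
    {"TLS_DHE_DSS_AES_128_CBC_SHA1", {"DHE_DSS", "AES_128_CBC", "SHA1"}},
};
#define N_SUITES (sizeof CATALOGUE / sizeof CATALOGUE[0])

/* Build the smallest per-algorithm lists that still cover every wanted suite,
   then report which unwanted suites those lists enable as a side effect.
   Returns the count (0 = the wanted set is expressible per algorithm). */
static int extra_suites(const int wanted[], const char *extra[])
{
    int n_extra = 0;
    for (size_t i = 0; i < N_SUITES; i++) {
        int enabled = 1;
        for (int p = 0; p < 3 && enabled; p++) {
            int listed = 0; /* must component p of suite i be on its list? */
            for (size_t j = 0; j < N_SUITES; j++)
                if (wanted[j] && !strcmp(CATALOGUE[j].part[p], CATALOGUE[i].part[p]))
                    listed = 1;
            enabled = listed;
        }
        if (enabled && !wanted[i])
            extra[n_extra++] = CATALOGUE[i].name;
    }
    return n_extra;
}

int main(void)
{
    const char *extra[N_SUITES];
    int drop_one[] = {1, 0, 1, 1};  /* everything except TLS_DHE_DSS_ARCFOUR_SHA1 */
    int drop_rc4[] = {0, 0, 1, 1};  /* no ARCFOUR suites at all */

    int n = extra_suites(drop_one, extra);
    printf("drop one suite: %d unwanted suite(s) re-enabled\n", n);
    for (int i = 0; i < n; i++) printf("  %s\n", extra[i]);
    printf("drop ARCFOUR:   %d unwanted suite(s) re-enabled\n",
           extra_suites(drop_rc4, extra));
    return 0;
}
```

In the model, any per-algorithm configuration that keeps TLS_RSA_ARCFOUR_SHA1 and at least one other DHE_DSS suite necessarily offers TLS_DHE_DSS_ARCFOUR_SHA1 as well.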