Hello, I am writing a server using gnutls. The main idea was that a user connects with a password. For that reason I want to use the SRP authentication and as fallback the normal x509 authentication.
However if I use the gnutls_certificate_set_dh_params() function in my server program, my srp client won't use the SRP kx anymore (now it uses DHE-RSA). Is there a reason for this behaviour? I thought SRP would behave like PSK (PSK is not affected). Does this mean SRP kx is not as secure as DHE kx? Thank you Adda Rathbone PS: client prio. settings: "SECURE256:+SRP" server prio. settings: "SECURE256:+SRP:+SRP-DSS:+SRP-RSA" _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
