Adda Rathbone wrote:
> Hello,
> I am writing a server using gnutls. The main idea was that a user
> connects with a password. For that reason I want to use the SRP
> authentication and as fallback the normal x509 authentication.
>
> However if I use the gnutls_certificate_set_dh_params()
> function in my server program, my srp client won't use the SRP kx
> anymore (now it uses DHE-RSA).
> Is there a reason for this behaviour?
>
> I thought SRP would behave like PSK (PSK is not affected).
> Does this mean SRP kx is not as secure as DHE kx?
> PS:
> client prio. settings: "SECURE256:+SRP"
> server prio. settings: "SECURE256:+SRP:+SRP-DSS:+SRP-RSA"

This only has to do with priorities. By using gnutls_certificate_set_dh_params() you effectively enable the DHE ciphersuites that happen to take precedence over the SRP ones (that is what your priority string shows).

regards,
Nikos
