On 05/26/2011 05:56 PM, Sam Varshavchik wrote: > I rebuilt a client/server against gnutls 2.10, from 2.8 before. I > give "SECURE256:-CTYPE-OPENPGP" to gnutls_priority_set_direct() on > both the client and the server side. After updating to 2.10, TLS > negotiation fails a GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM.
Thanks for reporting that. Confirmed. SECURE256 requires SHA-512 but gnutls will not use SHA-512 for its handshake process (only SHA-1 and SHA-256). To work-around that don't use SECURE256. The weakest link in TLS handshake provides security of 96-bits. So by using SECURE256 you are not increasing the security, you are just using bigger keys. regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
