[email protected] wrote: > In fact, the list must be colon separated, and the "+" is required. Just > listing the name will cause an error. Also, the actual suite names cannot be > used, only the individual algorithm names are recognized. So instead of the > suite name "TLS_RSA_AES_256_CBC_SHA1" you must specify "+AES-256-CBC:+SHA1".
To be precise, you must specify "+RSA:+AES-256-CBC:+SHA1". > This method is more error-prone, because it makes it possible to specify a > list of algorithms that do not conform to any valid suite. > > All in all, it may be best to revert back to using our own suite parser and > ignore the one GnuTLS provides. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
