On 26.05.2014 12:42, Hani Benhabiles wrote:
> On 2014-05-26 11:39, Reindl Harald wrote:
>>> ECDHE/ECDSA ===> Link against GnuTLS 3.x. That's it
>>
>> you hardly can do that on package management driven systems
>> and the reason for switching to CentOS *was GNUTLS* because it
>> was impossible to get GSAD running on Fedora with recent
>> GnuTLS/libmicrohttp the whole year 2012
>>
>> [root@openvas:~]$ rpm -q gnutls
>> gnutls-2.8.5-13.el6_5.x86_64
>>
>> [root@openvas:~]$ cat /etc/redhat-release
>> CentOS release 6.5 (Final)
>>
>>> GSAD by default is picking TLS_ECDHE_RSA_WITH_AES_128_GCM_256 with
>>> my fully updated FireFox.
>>
>> impossible on most systems as explained above
>>
>>> You are free to use --gnutls-priorities to customize
>>> the supported ciphersuites list
>>
>> and why OpenVas 6 / GSA 4 are not doing that as default?
>>
>> Firefox is using AES128-CBC-SHA1 here and modifying the sysvinit script
>> is a damned bad idea because it gets overwritten at every update
>>
>
> ECDHE *is* default when using GnuTLS 3 (with a sane browser/client.)
> and everything is solved/backported in OpenVAS (6, 7, trunk) as of today.

and why is DHE not default with GnuTLS 2

> Distributions' issue of packaging (I see it recently hit Debian SID FWIW) and
> being stuck with GnuTLS 2.x for a long time (due to licensing AFAICT) is
> another matter.

no it is *not* another matter

this crap called GnuTLS and not working GAS/OpenVAS forced me end 2012
after wasting a lot of time to install CentOS

http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-October/004644.html
https://lists.fedoraproject.org/pipermail/devel/2012-March/165000.html
_______________________________________________
Openvas-discuss mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
