[gnutls-dev]Re: exim + gnutls

Philip Hazel ph10 at cus.cam.ac.uk
Sun Nov 3 10:29:02 CET 2002

On Fri, 1 Nov 2002, Nikos Mavroyanopoulos wrote:

> This is due to libgcrypt. I though it was solved in the latest version.

I *thought* I installed the latest version. Anyway, it isn't actually a
problem for Exim.

> The only thing I can suggest here, is to use the gnutls' priority functions.
> That is break the cipher suites, to Key Exchange method, Cipher algorithm, and
> MAC, and the feed that to the priority functions.
> You could use a table like { "RC4-MD5", GNUTLS_KX_RSA, GNUTLS_CIPHER_ARCFOUR, GNUTLS_MAC_MD5 }.

Ah, I see how that might work now. Thanks.

> > 4. When investigating the cipher suites, I noticed that GnuTLS uses an
> >    underscore between the components, whereas OpenSSL uses a hyphen. Is
> >    there a standard for this? OpenSSL actually complains if you use an
> >    underscore. For the moment, I have put in code to convert between
> >    underscores and hyphens as necessary.
> Why does this cause problem?

It doesn't cause a problem with GnuTLS. It only caused me a technical
problem because I have tests which I run with both GnuTLS and OpenSSL,
and OpenSSL doesn't like cipher names that contain underscores.

However, the culture difference might cause problems of understanding
for people that are swapping from one library to the other. That's why I
wondered if there was any standard.


Philip Hazel            University of Cambridge Computing Service,
ph10 at cus.cam.ac.uk      Cambridge, England. Phone: +44 1223 334714.

More information about the Gnutls-devel mailing list