[gnutls-devel] forcing 256bit symmetric?

James Cloos cloos at jhcloos.com
Thu Apr 16 19:18:46 CEST 2015

>>>>> "NM" == Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:

JC>> What is the shortest priority to demand aes256, preferring aead, but
JC>> accept the certs in actual use in the wild?


That gave me the hint I needed.  I ended up with:


I'll add +AES-256-CCM once I know it is happy on my box.

>> SECURE256 fails because it demands sha512 and essentially no one uses
>> that to sign certs.

NM> Correct. We may need different keywords to indicate secrecy level of
NM> 256-bits, while keeping the handshake security level to the current
NM> defaults.

Sounds like a plan.

