[gnutls-devel] GnuTLS | Add GOST-CNT ciphersuite support (!1119)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sun Nov 17 09:38:08 CET 2019



Merge request https://gitlab.com/gnutls/gnutls/merge_requests/1119 was reviewed by Nikos Mavrogiannopoulos

--
  
Nikos Mavrogiannopoulos commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/merge_requests/1119#note_245701421

> +#endif
> +#ifdef ENABLE_GOST
> +	GNUTLS_KX_VKO_GOST_12,

I makes sense to me

--
  
Nikos Mavrogiannopoulos commented on a discussion on tests/tls13-server-kx-neg.c: https://gitlab.com/gnutls/gnutls/merge_requests/1119#note_245701424

> +	 * but this is unsuppored for now */
> +	{
> +		.name = "TLS 1.3 server and client VKO-GOST-12 with cred and GOST-256 cert",

What kind of failures you have in mind? I see failures more likely if TLS1.3 remains enabled while GOST is advertised, because version and ciphersuite negotiation are typically done in different steps by servers. The failures will be when connecting either to TLS1.3 GOST servers, or to TLS1.3-enabled servers which optionally support GOST under TLS1.2. If we ship the current behavior the errors will happen mainly in the future when TLS1.3 GOST servers are being deployed (not sure how popular are servers supporting TLS1.3 and enable TLS1.2 GOST).


-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/1119
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191117/8c1f5372/attachment.html>


More information about the Gnutls-devel mailing list