[gnutls-devel] GnuTLS | Please prefer PFS ciphers over plain RSA ones. (#862)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Nov 21 17:27:32 CET 2019

sebastianas created an issue: https://gitlab.com/gnutls/gnutls/issues/862

## Description of problem:

Ciphers with priority normal prefer non-PFS cipher over PFS cipher. 

## Version of gnutls used:

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

## How reproducible:

Steps to Reproduce:

 Connect to a server which supports TLS_RSA_AES_256_GCM_SHA384 and TLS_DHE_RSA_AES_256_GCM_SHA384 but has no server preference.

## Actual results:
Connections happens with TLS_RSA_AES_256_GCM_SHA384.

## Expected results:
Connections happens with TLS_DHE_RSA_AES_256_GCM_SHA384.

According to *gnutls-cli --list --priority NORMAL* the TLS_ECDHE_* cipher come before TLS_RSA_* but unfortunately the TLS_DHE_RSA_* cipher come last.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/862
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20191121/6a067206/attachment.html>

More information about the Gnutls-devel mailing list