[gnutls-devel] GnuTLS | Please prefer PFS ciphers over plain RSA ones. (#862)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat Nov 23 20:56:33 CET 2019

Nikos Mavrogiannopoulos commented:

It is intentional that DHE-RSA is after RSA. The DHE-RSA ciphersuites have several issues under TLS 1.2 or earlier, and the most important is that in libraries like GnuTLS which enforce a consistent security level, they make it impossible for a client to recover from a server which sends a DH key which is below the bar. That is, unfortunately, a very common misconfiguration, and this is why RSA is preferred to DHE.

See also:

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/862#note_249441003

