[gnutls-devel] GnuTLS | Instructions for `--priority` ignored. (#1479)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Apr 4 10:03:03 CEST 2023



Ricky-Tigg created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1479



**v.:** 3.8.0 | Hello. The presence of algorithms that are attested as either **unsecure** or **non-secure** can be observed as part of some _Priority_ categories (_&1098_), thus it won't be needed to expand the existing report further. We know that it may be solved within eight years. Now, here we can observe that the instructions for `--priority` **are ignored**.

Illustration | All those cipher suites were excluded from the query; however, as demonstrated, they were not processed accordingly:
```
$ GNU='gnutls-cli -l --priority PFS:-VERS-TLS-ALL:+VERS-TLS1.3'
$ $GNU | head -1 && $GNU | grep -v 'TLS1[.]3$' | grep 'TLS1[.][0-9]$'
Cipher suites for PFS:-VERS-TLS-ALL:+VERS-TLS1.3
TLS_ECDHE_ECDSA_AES_256_GCM_SHA384                	0xc0, 0x2c	TLS1.2
TLS_ECDHE_ECDSA_CHACHA20_POLY1305                 	0xcc, 0xa9	TLS1.2
TLS_ECDHE_ECDSA_AES_256_CCM                       	0xc0, 0xad	TLS1.2
TLS_ECDHE_ECDSA_AES_256_CBC_SHA1                  	0xc0, 0x0a	TLS1.0
TLS_ECDHE_ECDSA_AES_128_GCM_SHA256                	0xc0, 0x2b	TLS1.2
TLS_ECDHE_ECDSA_AES_128_CCM                       	0xc0, 0xac	TLS1.2
TLS_ECDHE_ECDSA_AES_128_CBC_SHA1                  	0xc0, 0x09	TLS1.0
TLS_ECDHE_RSA_AES_256_GCM_SHA384                  	0xc0, 0x30	TLS1.2
TLS_ECDHE_RSA_CHACHA20_POLY1305                   	0xcc, 0xa8	TLS1.2
TLS_ECDHE_RSA_AES_256_CBC_SHA1                    	0xc0, 0x14	TLS1.0
TLS_ECDHE_RSA_AES_128_GCM_SHA256                  	0xc0, 0x2f	TLS1.2
TLS_ECDHE_RSA_AES_128_CBC_SHA1                    	0xc0, 0x13	TLS1.0
TLS_DHE_RSA_AES_256_GCM_SHA384                    	0x00, 0x9f	TLS1.2
TLS_DHE_RSA_CHACHA20_POLY1305                     	0xcc, 0xaa	TLS1.2
TLS_DHE_RSA_AES_256_CCM                           	0xc0, 0x9f	TLS1.2
TLS_DHE_RSA_AES_256_CBC_SHA1                      	0x00, 0x39	TLS1.0
TLS_DHE_RSA_AES_128_GCM_SHA256                    	0x00, 0x9e	TLS1.2
TLS_DHE_RSA_AES_128_CCM                           	0xc0, 0x9e	TLS1.2
TLS_DHE_RSA_AES_128_CBC_SHA1                      	0x00, 0x33	TLS1.0

```
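The check from the report as a reusable shell function, added here as an example that is not part of the original post or of GnuTLS itself: it reads `gnutls-cli -l` output on stdin and flags every suite whose version label falls outside an allowed set. The names `audit_suites` and `sample_listing` and the `TLS_AES_128_GCM_SHA256` row are assumptions for illustration; the other sample rows are copied from the listing above.

```shell
#!/bin/sh
# Added example: audit the listing printed by `gnutls-cli -l --priority ...`.
# Intended use (assumes gnutls-cli is installed):
#   gnutls-cli -l --priority 'PFS:-VERS-TLS-ALL:+VERS-TLS1.3' | audit_suites TLS1.3

# audit_suites ALLOWED
#   ALLOWED: comma-separated version labels, e.g. "TLS1.3" or "TLS1.2,TLS1.3".
#   Prints "UNEXPECTED <label> <suite>" for each row whose last column is not
#   in ALLOWED, then "COUNT <label> <n>" per label seen.
#   Returns 1 if any unexpected row was found, 0 otherwise.
audit_suites() {
    awk -v allowed="$1" '
        BEGIN {
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Suite rows: NAME <tab> 0xNN, 0xNN <tab> LABEL. Header lines are skipped.
        /^TLS_/ && $NF ~ /^(SSL|TLS|DTLS)[0-9.]+$/ {
            count[$NF]++
            if (!($NF in ok)) {
                printf "UNEXPECTED %s %s\n", $NF, $1
                bad++
            }
        }
        END {
            for (v in count) printf "COUNT %s %d\n", v, count[v]
            exit (bad > 0)
        }'
}

# Constructed sample input in the same layout as the listing in the report,
# so the function can be exercised without gnutls-cli.
sample_listing() {
    printf 'Cipher suites for PFS:-VERS-TLS-ALL:+VERS-TLS1.3\n'
    printf '%s\t%s\t%s\n' \
        TLS_AES_128_GCM_SHA256 '0x13, 0x01' TLS1.3 \
        TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 '0xc0, 0x2c' TLS1.2 \
        TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 '0xc0, 0x0a' TLS1.0 \
        TLS_DHE_RSA_AES_128_CCM '0xc0, 0x9e' TLS1.2
}
```

The non-zero return status lets the function act as a gate in a script that compares listings across priority strings or GnuTLS releases.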
