[Pkg-gnutls-maint] Re: Possible bug in GnuTLS AES/SHA1
Marc Haber
mh+gnutls-dev at zugschlus.de
Mon Feb 5 11:05:01 CET 2007
On Mon, Feb 05, 2007 at 10:26:46AM +0100, Simon Josefsson wrote:
> Is it easy for administrators to disable SHA with the application that
> was used here (exim IIRC)?
Unfortunately, no. That would mean modifying the source code, and even
the code does not easily allow selecting ciphers for certain IP
addresses (especially if the client has dynamic IP address).
Additionally, GnuTLS falls back to ARCFOUR as cipher when SHA-1 as
hash is forbidden.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
More information about the Pkg-gnutls-maint
mailing list