Bug#464625: please support OpenSSL-compatible ciphher nammes

Simon Josefsson simon at josefsson.org
Fri Feb 4 08:09:45 UTC 2011


"brian m. carlson" <sandals at crustytoothpaste.net> writes:

> In fact, I happen to know that the documentation for GnuTLS is wrong
> when it claims that "[t]here are no known weaknesses of" MD2.  Such
> weaknesses have been known for quite some time; in fact, certain
> weaknesses in the compression function have been known longer than
> (AFAICT) GnuTLS has existed.  And that's to say nothing about it being
> dog-slow (14 times slower than SHA-256).

You are right, I have updated the documentation:

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=962013fa4b5c1da7a39e5249e146e80f8ca6a7ed

> gnutls-cli(1).  Looking at the source, RC4 is defined in SECURE256, and
> due to major weaknesses in its key scheduling (which can be used very
> effectively against e.g. WEP), I would absolutely not want to use it if
> any other choice were available.  Had I not looked at the source, I
> would never have known this.  I would certainly not class it as
> "secure".

I also feel uncomfortable including RC4 in the SECURE variants, we all
know that RC4 is not a secure cipher.  Nikos, what do you think about
removing it?

> I think it's reasonable to allow OpenSSL-compatible ciphersuite names.
> In fact, I think it's a really good idea.

It would be nice to support this, but nobody appears to be working on
this right now.

I have also wanted to be able to just use the official TLS ciphersuite
name to chose an algorithm.  For example, a priority string of
"TLS_DH_RSA_WITH_AES_256_CBC_SHA" means to enable all TLS versions, RSA,
AES-256, and SHA.  Right now it is difficult to express this.

/Simon





More information about the Pkg-gnutls-maint mailing list