Bug#665766: libgnutls26: should prefer TLS 1.2/ECC cipher suites
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Fri Mar 30 10:35:45 UTC 2012
> Now that OpenSSL 1.0.1 is in sid, mutt can now talk to my dovecot IMAP
> server using TLS 1.2 [0]. However, I was disappointed to discover that
> mutt (which does not have knobs for cipher suites) still uses
> DHE-RSA/AES-128-CBC/SHA1.
Hello,
libgnutls26 doesn't support elliptic curves or AES-GCM. These were
added in gnutls 3.0.x, and are indeed used with higher priority if the
host system supports the AESNI/PCLMUL instructions.
> Also, using ECC suites like ECDHE is faster and much more secure than
> using plain DH.
ECDH is faster than plain DH at the same security level, but there is
no evidence known to me suggesting it is more secure.
(It is the same algorithm under a different group.)
> Finally, if HMAC is going to be used, a stronger hash algorithm than
> SHA-1 should be chosen. SHA-1 has demonstrable weaknesses that have not
> been determined to be present in SHA-256, SHA-384, or SHA-512.
I'm not aware of weaknesses in SHA-1 when used with the HMAC
construction. The application you are using though should have
provided a way for you to force alternative algorithms (e.g. via a
gnutls priority string).
regards,
Nikos