Bug#1091103: gnutls-bin: SRP support is accidentally disabled since 3.8.1-2

Samuel Henrique samueloph at debian.org
Mon Jan 13 00:58:14 GMT 2025


Hello Andreas,

> it was me intentionally following upstream defaults when not having strong
> arguments to deviate from them, so it was not accidental. Upstream NEWS
> said:
> ** libgnutls: SRP authentication is now disabled by default.
>    It is disabled because the SRP authentication in TLS is not up to
>    date with the latest TLS standards and its ciphersuites are based
>    on the CBC mode and SHA-1.  To enable it back, supply
>    --enable-srp-authentication option to configure script.
>
> And afaiui SRP is not supported with TLS 1.3.

Would it make sense to enable it for as long as TLS 1.2 is supported?

For the curl package, we make use of GnuTLS to run tests for TLS-SRP support;
without it we lose that test coverage. It's not critical, but it helps a lot.

Cheers,

-- 
Samuel Henrique <samueloph>



More information about the Pkg-gnutls-maint mailing list