On 2004-12-07 Philip Hazel <ph10@???> wrote:
> On Tue, 7 Dec 2004, Andreas Metzler wrote:
[...]
> > I'd appreciate if you could tell us which new ordering you have chosen
> > once that has happened, as I'd like to replicate the change in Debian's
> > exim packages rather sooner than later.
> The consensus seems to be AES128, 3DES, ARCFOUR128, ARCFOUR40. There is
> some debate about having ARCFOUR40 there at all, and I am wavering...
> > * AES_256_CBC, AES_128_CBC, 3DES_CBC,
> > * and ARCFOUR_128 for ciphers.
>
> > Just as another datapoint.
> That would suggest dropping ARCFOUR40 and adding AES256 at the start.
> OK, that's what I'll think about doing.
ok, thanks.
> > Afaict from NEWS
> > gnutls_set_default_priority() was added in 0.5.9.
> Exim uses gnutls_cipher_set_priority(). I guess that code predates the
> new function.
I think so, too.
> Or maybe it's something different. Sorry, I'm just not an
> expert in this stuff.
Afaiui gnutls_cipher_set_priority() is for choosing a custom ordering
and gnutls_set_default_priority() is for "The gnutls guys should know
better which ordering is the best one, let them decide." The manual
seems to support this:
http://www.gnu.org/software/gnutls/manual/gnutls/gnutls.html#SECTION0010153000000000000000
http://www.gnu.org/software/gnutls/manual/gnutls/gnutls.html#SECTION00101138000000000000000
cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"