Source: gnutls26 Version: 2.12.20-6 Severity: important Tags: security Hi,
When using gnutls-cli to talk to apache with mod_ssl, I always get this when testing with SSL v3.0 to TLS v1.2: - Key Exchange: DHE-RSA - Cipher: AES-128-CBC - MAC: SHA1 When talking to it with TLS 1.2, I really would like to see that it doesn't use SHA1. From gnutls-cli --list, I would expect it to use one of the following: TLS_DHE_RSA_AES_128_CBC_SHA256 0x00, 0x67 TLS1.2 TLS_DHE_RSA_AES_256_CBC_SHA256 0x00, 0x6b TLS1.2 Openssl supports both of them. openssl also selects DHE-RSA-AES256-SHA256 when talking to itself when GCM is disabled, so I assume this is a gnutls problem. Kurt -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
