Re: kx srp vs dhe

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: kx srp vs dhe

From:	Nikos Mavrogiannopoulos
Subject:	Re: kx srp vs dhe
Date:	Fri, 18 Dec 2009 11:58:11 +0200
User-agent:	Thunderbird 2.0.0.23 (X11/20090817)

Adda Rathbone wrote:
> Hello, 
> I am writing a server using gnutls. The main idea was that a user
> connects with a password. For that reason I want to use the SRP
> authentication and as fallback the normal x509 authentication.
> 
> However if I use the gnutls_certificate_set_dh_params()
> function in my server program, my srp client won't use the SRP kx
> anymore (now it uses DHE-RSA).
> Is there a reason for this behaviour?
> 
> I thought SRP would behave like PSK (PSK is not affected). 
> Does this mean SRP kx is not as secure as DHE kx?
> PS:
> client prio. settings: "SECURE256:+SRP"
> server prio. settings: "SECURE256:+SRP:+SRP-DSS:+SRP-RSA"

This only has to do with priorities. By using
gnutls_certificate_set_dh_params() you effectively enable the DHE
ciphersuites that happen to take precedence to the SRP ones (that is
what your priority string shows).

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

kx srp vs dhe, Adda Rathbone, 2009/12/13
- Re: kx srp vs dhe, Nikos Mavrogiannopoulos <=

Prev by Date: GnuTLS error -73: ASN1 parser: Error in TAG.
Next by Date: Re: Concurrent gnutls_record_send and gnutls_record_recv
Previous by thread: kx srp vs dhe
Next by thread: Concurrent gnutls_record_send and gnutls_record_recv
Index(es):
- Date
- Thread