help-gnutls

Re: gnutls 2.10 won't negotiate TLS 1.2 if priority is set to "SECURE256"


From: Nikos Mavrogiannopoulos
Subject: Re: gnutls 2.10 won't negotiate TLS 1.2 if priority is set to "SECURE256"
Date: Thu, 26 May 2011 19:13:27 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10

On 05/26/2011 05:56 PM, Sam Varshavchik wrote:
> I rebuilt a client/server against gnutls 2.10, from 2.8 before. I
> give "SECURE256:-CTYPE-OPENPGP" to gnutls_priority_set_direct() on 
> both the client and the server side. After updating to 2.10, TLS
> negotiation fails with GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM.

Thanks for reporting that. Confirmed. SECURE256 requires SHA-512 but
gnutls will not use SHA-512 for its handshake process (only SHA-1 and
SHA-256).

To work around that, don't use SECURE256. The weakest link in
the TLS handshake provides security of 96 bits. So by
using SECURE256 you are not increasing the security, you
are just using bigger keys.

regards,
Nikos


