help-gnutls

Re: TLSv1.2 interop issue (was: Re: gnutls 3.0.9)


From: Nikos Mavrogiannopoulos
Subject: Re: TLSv1.2 interop issue (was: Re: gnutls 3.0.9)
Date: Thu, 5 Jan 2012 10:37:10 +0100

On Thu, Jan 5, 2012 at 10:29 AM, Florian Weimer <address@hidden> wrote:
> * Nikos Mavrogiannopoulos:
>>> We're seeing interop issues with a TLSv1.2 server which advertises a
>>> fairly restricted list of cipher suites.
>> What do you see?
> Well, the cipher suite thing was a different bug, on the server side,
> not caused by GNUTLS.  Fixing that didn't make a dent in the original
> issue.
> The issue is triggered when I use GNUTLS 2.12.14 to connect to an
> OpenJDK 7u2 server which requires client certificates.
> Here's output from "gnutls-cli --debug 255":
[...]
> gnutls_sig.c:630 says:
> |    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); /* too bad we only support SHA1 and SHA256 */

Can you try gnutls 3.0.x? It doesn't have this limitation.

> This is a bit puzzling.  Why does GNUTLS pick RSA-SHA512 if it doesn't
> support the algorithm?

Could you send me the transaction as a tcpdump raw file (to open with
wireshark)?
I'll check later whether there can be a fix for 2.12.x.

regards,
Nikos


