[gnutls-devel] Problem with proxied connections on 3.5.3

Andreas Metzler ametzler at bebt.de
Sat Sep 17 12:48:40 CEST 2016


On 2016-09-17 Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote:
[...]
> Thank you. Could I have a capture of the session? My speculation is
> that the user is under a man-in-the-middle attack and the presented RSA
> public key in the certificate is rejected by rsa_public_key_prepare().
> If that is run with nettle 3.2, then the only check is whether the N is <
> 96 bits which is way too small even for an attacker. Later versions (in
> git) have an additional check for N being even. A capture and the
> nettle version used will shed some light on the issue.

Could you perhaps provide Marcelo with step-by-step instructions on how
to generate the session capture?

Nettle version is 3.2.

thanks, cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'


