[gnutls-devel] Problem with proxied connections on 3.5.3

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Sep 21 08:49:25 CEST 2016

On Wed, Sep 21, 2016 at 12:07 AM, Stefan Bühler <stbuehler at lighttpd.net> wrote:
> Hi,
> Sorry. My fault - the server key exchange fails of course
> due to the mismatching client random, which is included in
> the key exchange signature...

Right. You can overcome this by using gnutls_handshake_set_random(),
however you have to also match the ciphersuites sent (and order), as
well as the extensions. The latter part is the hardest, and made me
gave up on a proper simulator.

> Also I confused m and m1, so the power function always
> returned the same data, just the hash didn't match it.
> It's obviously already too late :)

Note that you also proceeded past the signature size check at which
Marcelo's system fails.

> Sorry again. I hope the go program still is useful;
> just need a way to fix the client random to the original
> value.

A simulator would have certainly be very helpful to have for debugging
such issues. I am not fluent in go so I have not yet checked the
server, but my approach was to use a file to store server's messages,
and registered a custom pull function for the client. That pull
function was reading from that file to feed the client's session.


More information about the Gnutls-devel mailing list