[gnutls-devel] GnuTLS | Apparent failure to accept SHA1 signature of root CA when using SECURE256 (#1348)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Thu Mar 31 11:54:57 CEST 2022

Richard Frith-Macdonald commented:

On further investigation ... the problem is actually caused by the intermediate certificate rather than the root certificate.  Specifically SECURE256 implies high certificate security, and 2048bit is not high enough.
More informative debug messages would have helped a lot here; something to say what criterion was used to decide that the certificate was not secure enough (and a clearer indication of which certificate caused the issue perhaps).

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1348#note_895793169
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220331/9a039086/attachment.html>

More information about the Gnutls-devel mailing list