From msk at cloudmark.com Tue Jan 4 18:46:41 2011
From: msk at cloudmark.com (Murray S. Kucherawy)
Date: Tue, 4 Jan 2011 09:46:41 -0800
Subject: RSA sign/verify and hash generation functions
In-Reply-To:
References: <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> <4D0A8351.9040704@gnutls.org> <4D0D852A.2090004@gnutls.org>
Message-ID:

> -----Original Message-----
> From: help-gnutls-bounces+msk=cloudmark.com at gnu.org [mailto:help-gnutls-bounces+msk=cloudmark.com at gnu.org] On Behalf Of Murray S. Kucherawy
> Sent: Monday, December 20, 2010 11:27 AM
> To: Nikos Mavrogiannopoulos
> Cc: help-gnutls at gnu.org
> Subject: RE: RSA sign/verify and hash generation functions
>
> > -----Original Message-----
> > From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
> > Sent: Saturday, December 18, 2010 8:08 PM
> > To: Murray S. Kucherawy
> > Cc: help-gnutls at gnu.org
> > Subject: Re: RSA sign/verify and hash generation functions
> >
> > I missed that one, should be ok now.
> > [...]
>
> A build from a master snapshot now works out-of-the box. Great stuff,
> thank you!

For my own release planning purposes, do you have a rough date planned to release a new version containing that updated API?

From jos at kuijpersvof.nl Fri Jan 7 22:34:50 2011
From: jos at kuijpersvof.nl (Jos Kuijpers)
Date: Fri, 7 Jan 2011 22:34:50 +0100
Subject: gnutls_bye() error handling in a sane way
Message-ID: <00f501cbaeb2$b6ece020$24c6a060$@kuijpersvof.nl>

Folks,

Since a week, I am having serious problems with the GnuTLS library concerning the gnutls_bye():

I am writing a binding between gnutls and ObjFW (https://www.webkeks.org/objfw) => https://webkeks.org/hg/objgnutls/

When an attempt to read from the socket fails, and results in a closed socket (because of a malicious client, or lost network connection, etc), the close method of the object gets called.
This method then will call gnutls_bye, socket close and gnutls_deinit.

There is the problem. Gnutls_bye sends data. When the socket is broken, and gnutls_bye is called, my program DIES: SIGPIPE.

I am very disappointed about this. Catching signals in a library is not-done.

Is there a way to get proper error handling done in this case? Else, I will send this mail to the development mailing list for adding support for sane error handling.

With kind regards,
Jos

From nmav at gnutls.org Tue Jan 11 17:33:38 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Tue, 11 Jan 2011 17:33:38 +0100
Subject: RSA sign/verify and hash generation functions
In-Reply-To:
References: <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> <4D0A8351.9040704@gnutls.org> <4D0D852A.2090004@gnutls.org>
Message-ID: <4D2C8662.6020400@gnutls.org>

On 01/04/2011 06:46 PM, Murray S. Kucherawy wrote:

> For my own release planning purposes, do you have a rough date
> planned to release a new version containing that updated API?

There are some issues I want to finish (regarding pkcs11), thus I'd expect a release candidate mid-February or so.

regards,
Nikos

From nmav at gnutls.org Sat Jan 15 14:12:59 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 15 Jan 2011 14:12:59 +0100
Subject: RSA sign/verify and hash generation functions
In-Reply-To: <4D2C8662.6020400@gnutls.org>
References: <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> <4D0A8351.9040704@gnutls.org> <4D0D852A.2090004@gnutls.org> <4D2C8662.6020400@gnutls.org>
Message-ID: <4D319D5B.5080601@gnutls.org>

On 01/11/2011 05:33 PM, Nikos Mavrogiannopoulos wrote:
> On 01/04/2011 06:46 PM, Murray S. Kucherawy wrote:
>
>> For my own release planning purposes, do you have a rough date
>> planned to release a new version containing that updated API?
> There are some issues I want to finish (regarding pkcs11), thus I'd
> expect a release candidate mid-February or so.

btw. I'm planning on deprecating all the gnutls_x509_* functions to sign and verify data, and only leave the gnutls_privkey_ and gnutls_pubkey_ equivalent functions. That is to simplify internals and avoid having the same functions for each certificate type. Just in case this change affects you.

regards,
Nikos

From msk at cloudmark.com Sat Jan 15 18:26:51 2011
From: msk at cloudmark.com (Murray S. Kucherawy)
Date: Sat, 15 Jan 2011 09:26:51 -0800
Subject: RSA sign/verify and hash generation functions
In-Reply-To: <4D319D5B.5080601@gnutls.org>
References: <4D00068D.6090005@gnutls.org> <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> <4D0A8351.9040704@gnutls.org> <4D0D852A.2090004@gnutls.org> <4D2C8662.6020400@gnutls.org> <4D319D5B.5080601@gnutls.org>
Message-ID:

> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
> Sent: Saturday, January 15, 2011 5:13 AM
> To: Murray S. Kucherawy
> Cc: help-gnutls at gnu.org
> Subject: Re: RSA sign/verify and hash generation functions
>
> btw. I'm planning on deprecating all the gnutls_x509_* functions to
> sign and verify data, and only leave the gnutls_privkey_ and
> gnutls_pubkey_ equivalent functions. That is to simplify internals
> and avoid having the same functions for each certificate type.
> Just in case this change affects you.

It does.
Right now I'm using:

- gnutls_x509_privkey_init() to allocate an object
- gnutls_x509_privkey_import() to read in a PEM-encoded or DER-encoded RSA key
- gnutls_privkey_import_x509() to extract a generic private key from the above
- gnutls_privkey_get_pk_algorithm() just to get the key size of the above
- gnutls_x509_privkey_deinit() to deallocate
- gnutls_x509_privkey_sign_hash2() to sign

As I recall, what was missing from the basic privkey interface was the means to get a PEM/DER-encoded RSA key; I had to go through the gnutls_x509_*() functions to do that. What I need is a gnutls_privkey_import() that can do the same, and a matching gnutls_privkey_sign_hash2(), and then I can get rid of the gnutls_x509_*() calls altogether.

If you have a version available that has those API changes, I can give it a try next week.

-MSK

From nmav at gnutls.org Sat Jan 15 19:45:35 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 15 Jan 2011 19:45:35 +0100
Subject: RSA sign/verify and hash generation functions
In-Reply-To:
References: <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> <4D0A8351.9040704@gnutls.org> <4D0D852A.2090004@gnutls.org> <4D2C8662.6020400@gnutls.org> <4D319D5B.5080601@gnutls.org>
Message-ID: <4D31EB4F.2010609@gnutls.org>

On 01/15/2011 06:26 PM, Murray S. Kucherawy wrote:
>> -----Original Message----- From: Nikos Mavrogiannopoulos
>> [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos
>> Mavrogiannopoulos Sent: Saturday, January 15, 2011 5:13 AM To:
>> Murray S. Kucherawy Cc: help-gnutls at gnu.org Subject: Re: RSA
>> sign/verify and hash generation functions
>>
>> btw. I'm planning on deprecating all the gnutls_x509_* functions
>> to sign and verify data, and only leave the gnutls_privkey_ and
>> gnutls_pubkey_ equivalent functions. That is to simplify internals
>> and avoid having the same functions for each certificate type. Just
>> in case this change affects you.
>
> It does. Right now I'm using:
>
> - gnutls_x509_privkey_init() to allocate an object -
> gnutls_x509_privkey_import() to read in a PEM-encoded or DER-encoded
> RSA key - gnutls_privkey_import_x509() to extract a generic private
> key from the above - gnutls_privkey_get_pk_algorithm() just to get
> the key size of the above - gnutls_x509_privkey_deinit() to
> deallocate - gnutls_x509_privkey_sign_hash2() to sign

You can use gnutls_privkey_sign_hash2() instead of gnutls_x509_privkey_sign_hash2(). There shouldn't be any side-effects.

For verification you could use gnutls_pubkey_verify_data/hash.

> As I recall, what was missing from the basic privkey interface was
> the means to get a PEM/DER-encoded RSA key; I had to go through the
> gnutls_x509_*() functions to do that. What I need is a
> gnutls_privkey_import() that can do the same, and a matching
> gnutls_privkey_sign_hash2(), and then I can get rid of the
> gnutls_x509_*() calls altogether.

Currently the privkey interface has only operations on keys, and does not really need to access the key itself. That is because it is a front-end for the x509/openpgp and pkcs11 interfaces, and the pkcs11 interface may not have access to the key. That could be because the key is in a smart-card, that only provides operations.

You can use the gnutls_x509_ interface to import/export from a file/buffer and then use the gnutls_privkey_ interface to import from that and access operations. In a language like C++ it would be easier to express that a gnutls_x509_privkey_t is also a gnutls_privkey_t, but in C it causes that inconvenience.

> If you have a version available that has those API changes, I can
> give it a try next week.

You can check the version in master.
regards,
Nikos

From nmav at gnutls.org Sat Jan 15 19:52:04 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 15 Jan 2011 19:52:04 +0100
Subject: RSA sign/verify and hash generation functions
In-Reply-To: <4D31EB4F.2010609@gnutls.org>
References: <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> <4D0A8351.9040704@gnutls.org> <4D0D852A.2090004@gnutls.org> <4D2C8662.6020400@gnutls.org> <4D319D5B.5080601@gnutls.org> <4D31EB4F.2010609@gnutls.org>
Message-ID: <4D31ECD4.8070405@gnutls.org>

On 01/15/2011 07:45 PM, Nikos Mavrogiannopoulos wrote:
> Currently the privkey interface has only operations on keys, and does
> not really need to access the key itself. That is because it is
> a front-end for the x509/openpgp and pkcs11 interfaces, and the pkcs11
> interface may not have access to the key. That could be because the key
> is in a smart-card, that only provides operations.

Having said that, there might be some convenience functions like gnutls_privkey_import() and gnutls_privkey_export() that will operate as the gnutls_x509_privkey_import() and export(). Would functions like that reduce the code used in your scenario?

regards,
Nikos

From msk at cloudmark.com Sun Jan 16 19:17:16 2011
From: msk at cloudmark.com (Murray S. Kucherawy)
Date: Sun, 16 Jan 2011 10:17:16 -0800
Subject: RSA sign/verify and hash generation functions
In-Reply-To: <4D31ECD4.8070405@gnutls.org>
References: <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> <4D0A8351.9040704@gnutls.org> <4D0D852A.2090004@gnutls.org> <4D2C8662.6020400@gnutls.org> <4D319D5B.5080601@gnutls.org> <4D31EB4F.2010609@gnutls.org> <4D31ECD4.8070405@gnutls.org>
Message-ID:

> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
> Sent: Saturday, January 15, 2011 10:52 AM
> To: Murray S. Kucherawy
> Cc: help-gnutls at gnu.org
> Subject: Re: RSA sign/verify and hash generation functions
>
> Having said that, there might be some convenience functions like
> gnutls_privkey_import() and gnutls_privkey_export() that will operate
> as the gnutls_x509_privkey_import() and export(). Would functions
> like that reduce the code used in your scenario?

Making gnutls_privkey_import() able to handle the X509 formats almost covers what I need. The last bit is the ability to get the key size out.

From msk at cloudmark.com Sun Jan 16 23:19:04 2011
From: msk at cloudmark.com (Murray S. Kucherawy)
Date: Sun, 16 Jan 2011 14:19:04 -0800
Subject: RSA sign/verify and hash generation functions
In-Reply-To: <4D31EB4F.2010609@gnutls.org>
References: <4D0091C9.1060902@gnutls.org> <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> <4D0A8351.9040704@gnutls.org> <4D0D852A.2090004@gnutls.org> <4D2C8662.6020400@gnutls.org> <4D319D5B.5080601@gnutls.org> <4D31EB4F.2010609@gnutls.org>
Message-ID:

> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
> Sent: Saturday, January 15, 2011 10:46 AM
> To: Murray S. Kucherawy
> Cc: help-gnutls at gnu.org
> Subject: Re: RSA sign/verify and hash generation functions
>
> You can use gnutls_privkey_sign_hash2() instead of
> gnutls_x509_privkey_sign_hash2(). There shouldn't be any side-effects.

OK, I'll try that next week.

> For verification you could use gnutls_pubkey_verify_data/hash.

Already doing that.

> You can use the gnutls_x509_ interface to import/export from a
> file/buffer and then use the gnutls_privkey_ interface to import
> from that and access operations. In a language like C++ it would
> be easier to express that a gnutls_x509_privkey_t is also a
> gnutls_privkey_t, but in C it causes that inconvenience.

Yep, that's what I'm doing now.
The gnutls_x509_*() calls are only to import a private key in PEM/DER format, and to get the key size out, and to sign a hash (though I'll try the non-x509 interface next week). Everything else is gnutls_privkey_*() or gnutls_pubkey_*() already. Does that sound right?

From nmav at gnutls.org Mon Jan 17 21:32:12 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Mon, 17 Jan 2011 21:32:12 +0100
Subject: RSA sign/verify and hash generation functions
In-Reply-To:
References: <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> <4D0A8351.9040704@gnutls.org> <4D0D852A.2090004@gnutls.org> <4D2C8662.6020400@gnutls.org> <4D319D5B.5080601@gnutls.org> <4D31EB4F.2010609@gnutls.org>
Message-ID: <4D34A74C.3090202@gnutls.org>

On 01/16/2011 11:19 PM, Murray S. Kucherawy wrote:
>> -----Original Message----- From: Nikos Mavrogiannopoulos
>> [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos
>> Mavrogiannopoulos Sent: Saturday, January 15, 2011 10:46 AM To:
>> Murray S. Kucherawy Cc: help-gnutls at gnu.org Subject: Re: RSA
>> sign/verify and hash generation functions
>>
>> You can use gnutls_privkey_sign_hash2() instead of
>> gnutls_x509_privkey_sign_hash2(). There shouldn't be any
>> side-effects.
>
> OK, I'll try that next week.
>
>> For verification you could use gnutls_pubkey_verify_data/hash.
>
> Already doing that.
>
>> You can use the gnutls_x509_ interface to import/export from a
>> file/buffer and then use the gnutls_privkey_ interface to import
>> from that and access operations. In a language like C++ it would be
>> easier to express that a gnutls_x509_privkey_t is also a
>> gnutls_privkey_t, but in C it causes that inconvenience.
>
> Yep, that's what I'm doing now. The gnutls_x509_*() calls are only
> to import a private key in PEM/DER format, and to get the key size
> out, and to sign a hash (though I'll try the non-x509 interface next
> week). Everything else is gnutls_privkey_*() or gnutls_pubkey_*()
> already. Does that sound right?

Yes.
About the non gnutls_x509_* interface I have not fixed my mind yet since it appears to have side-effects. The current calls you describe are what will work anyway.

regards,
Nikos

From xuelei.fan at oracle.com Wed Jan 19 02:31:41 2011
From: xuelei.fan at oracle.com (Xuelei Fan)
Date: Wed, 19 Jan 2011 09:31:41 +0800
Subject: TLS 1.2 for GnuTLS test server
Message-ID: <4D363EFD.2090505@oracle.com>

The GnuTLS test server, http://www.gnu.org/software/gnutls/server.html, states that it supports TLS 1.2. However, when I try to connect to the test server with Microsoft IE 8 and Java client in TLS 1.2, the TLS handshake fails to negotiate the TLS 1.2 protocol. It seems that the highest TLS version of the test server is TLS 1.1.

Is there any configuration issue in the TLS test server?

Thanks for any feedback.

Regards,
Xuelei

From msk at cloudmark.com Wed Jan 19 23:07:41 2011
From: msk at cloudmark.com (Murray S. Kucherawy)
Date: Wed, 19 Jan 2011 14:07:41 -0800
Subject: RSA sign/verify and hash generation functions
In-Reply-To: <4D34A74C.3090202@gnutls.org>
References: <4D0693C9.5040109@gnutls.org> <4D0A3A47.6060804@gnutls.org> <4D0A8351.9040704@gnutls.org> <4D0D852A.2090004@gnutls.org> <4D2C8662.6020400@gnutls.org> <4D319D5B.5080601@gnutls.org> <4D31EB4F.2010609@gnutls.org> <4D34A74C.3090202@gnutls.org>
Message-ID:

> -----Original Message-----
> From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
> Sent: Monday, January 17, 2011 12:32 PM
> To: Murray S. Kucherawy
> Cc: help-gnutls at gnu.org
> Subject: Re: RSA sign/verify and hash generation functions
>
> Yes. About the non gnutls_x509_* interface I have not fixed my mind
> yet since it appears to have side-effects. The current calls you
> describe are what will work anyway.

Tested against a current master, works fine.

So right now my only calls to gnutls_x509_*() are gnutls_x509_privkey_init() and gnutls_x509_privkey_import().
Hash signing and verifying and all public key operations are now using the more generic (i.e., gnutls_privkey_*() and gnutls_pubkey_*()) interfaces.

-MSK

From simon at josefsson.org Fri Jan 21 09:25:10 2011
From: simon at josefsson.org (Simon Josefsson)
Date: Fri, 21 Jan 2011 09:25:10 +0100
Subject: gnutls/gnutls.h compile error
In-Reply-To: (Norman Lam's message of "Fri, 21 Jan 2011 15:58:23 +0800")
References:
Message-ID: <87aaiuvf2x.fsf@latte.josefsson.org>

Norman Lam writes:

> Hi Simon
>
> I couldn't compile the gnutls for windows, using windows xp, vc2008++
> express
>
> I am getting all these errors, I basically follow the mod_dingaling from
> freeswitch

Hi Norman -- it looks like a problem with ssize_t, you need to make sure it is available before including gnutls.h. Gnutls.h tries to do this itself, but it probably fails on your system.

/Simon

> http://wiki.freeswitch.org/wiki/Dingaling#Windows_using_MSVC_2008
>
> Can you shed some light
>
> Thanks in advance
>
> Norman
>
> 1>------ Rebuild All started: Project: iksemel, Configuration: Debug Win32 ------
> 1>Deleting intermediate and output files for project 'iksemel', configuration 'Debug|Win32'
> 1>Compiling...
> 1>dom.c
> 1>filter.c
> 1>iks.c
> 1>ikstack.c
> 1>io-posix.c
> 1>jabber.c
> 1>md5.c
> 1>sax.c
> 1>sha.c
> 1>stream.c
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(730) : error C2061: syntax error : identifier 'gnutls_record_send'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(730) : error C2059: syntax error : ';'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(730) : error C2059: syntax error : 'type'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(732) : error C2061: syntax error : identifier 'gnutls_record_recv'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(732) : error C2059: syntax error : ';'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(732) : error C2059: syntax error : 'type'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(744) : error C2061: syntax error : identifier 'gnutls_record_set_max_size'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(744) : error C2059: syntax error : ';'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(744) : error C2059: syntax error : 'type'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1197) : error C2143: syntax error : missing ')' before '*'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1197) : error C2143: syntax error : missing '{' before '*'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1197) : error C2059: syntax error : ')'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1199) : error C2143: syntax error : missing ')' before '*'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1199) : error C2143: syntax error : missing '{' before '*'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1199) : error C2059: syntax error : ')'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1216) : error C2146: syntax error : missing ')' before identifier 'push_func'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1216) : error C2081: 'gnutls_push_func' : name in formal parameter list illegal
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1216) : error C2061: syntax error : identifier 'push_func'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1216) : error C2059: syntax error : ';'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1216) : error C2059: syntax error : ')'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1218) : error C2146: syntax error : missing ')' before identifier 'pull_func'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1218) : error C2081: 'gnutls_pull_func' : name in formal parameter list illegal
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1218) : error C2061: syntax error : identifier 'pull_func'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1218) : error C2059: syntax error : ';'
> 1>c:\program files\Gnutls-2.10.1\include\gnutls\gnutls.h(1218) : error C2059: syntax error : ')'
> 1>..\..\iksemel\src\stream.c(105) : error C2146: syntax error : missing ')' before identifier 'tls_push'
> 1>..\..\iksemel\src\stream.c(105) : error C2059: syntax error : ')'
> 1>..\..\iksemel\src\stream.c(106) : error C2146: syntax error : missing ')' before identifier 'tls_pull'
> 1>..\..\iksemel\src\stream.c(106) : error C2059: syntax error : ')'
> 1>utility.c
> 1>base64.c
> 1>Generating Code...
> 1>Build log was saved at "file://c:\FS_GIT2\libs\win32\iksemel\Debug\BuildLog.htm"
> 1>iksemel - 29 error(s), 0 warning(s)
> ========== Rebuild All: 0 succeeded, 1 failed, 0 skipped ==========

From nmav at gnutls.org Sat Jan 22 12:21:59 2011
From: nmav at gnutls.org (Nikos Mavrogiannopoulos)
Date: Sat, 22 Jan 2011 12:21:59 +0100
Subject: TLS 1.2 for GnuTLS test server
In-Reply-To: <4D363BC9.9060204@oracle.com>
References: <4D363BC9.9060204@oracle.com>
Message-ID: <4D3ABDD7.7010608@gnutls.org>

On 01/19/2011 02:18 AM, Xuelei Fan wrote:
> The GnuTLS test server, http://www.gnu.org/software/gnutls/server.html,
> states that it supports TLS 1.2.

I suppose that the server used has not enabled TLS 1.2. You can run the latest test server version locally at your system, by building gnutls and running the ./doc/credentials/gnutls-http-serv script.

regards,
Nikos

From xuelei.fan at oracle.com Tue Jan 25 01:58:14 2011
From: xuelei.fan at oracle.com (Xuelei Fan)
Date: Tue, 25 Jan 2011 08:58:14 +0800
Subject: TLS 1.2 for GnuTLS test server
In-Reply-To: <4D3ABDD7.7010608@gnutls.org>
References: <4D363BC9.9060204@oracle.com> <4D3ABDD7.7010608@gnutls.org>
Message-ID: <4D3E2026.7000401@oracle.com>

Thanks for the reply. As the test server declares it supports TLS 1.2, it might be nice to enable TLS 1.2 in server side to promote GnuTLS.

Thanks & Regards,
Xuelei

On 1/22/2011 7:21 PM, Nikos Mavrogiannopoulos wrote:
> On 01/19/2011 02:18 AM, Xuelei Fan wrote:
>> The GnuTLS test server, http://www.gnu.org/software/gnutls/server.html,
>> states that it supports TLS 1.2.
>
> I suppose that the server used has not enabled TLS 1.2. You can
> run the latest test server version locally at your system, by
> building gnutls and running the ./doc/credentials/gnutls-http-serv
> script.
>
> regards,
> Nikos

From simon at josefsson.org Tue Jan 25 09:16:55 2011
From: simon at josefsson.org (Simon Josefsson)
Date: Tue, 25 Jan 2011 09:16:55 +0100
Subject: GNU Network Security Labyrinth
Message-ID: <87mxmp4cug.fsf@latte.josefsson.org>

Hi folks,

I'm going to be at FOSDEM and give a talk in the GNU DevRoom about network security technologies and their GNU implementation. It will cover (at least) SASL, Kerberos, GSS-API, and TLS.

On Saturday 16:20-16:50 in H.2214.

http://fosdem.org/2011/schedule/event/gnusecurity

See you there! :)

/Simon
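
Added example, not part of any message in this archive and not GnuTLS's own code: one way to handle the gnutls_bye() SIGPIPE case raised in the "gnutls_bye() error handling in a sane way" message is a transport push callback that sends with MSG_NOSIGNAL, so a write to a dead peer returns EPIPE instead of killing the process. The names nosigpipe_push and push_to_closed_peer are hypothetical, the broken connection is simulated with a socketpair, and a platform that defines MSG_NOSIGNAL (e.g. Linux) is assumed.

```c
#include <errno.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Counts SIGPIPE deliveries so the demo can show that none occurred. */
static volatile sig_atomic_t sigpipe_count = 0;
static void on_sigpipe(int sig) { (void)sig; sigpipe_count++; }

/*
 * Hypothetical push callback with the shape GnuTLS expects:
 * (transport pointer, buffer, length) -> bytes sent, or -1 with errno set.
 * MSG_NOSIGNAL makes a write to a dead peer fail with EPIPE instead of
 * raising SIGPIPE. Assumes a platform that defines MSG_NOSIGNAL (e.g. Linux);
 * elsewhere, signal(SIGPIPE, SIG_IGN) at startup gives the same result.
 */
static ssize_t nosigpipe_push(void *transport_ptr, const void *data, size_t len)
{
    int fd = (int)(intptr_t)transport_ptr;
    ssize_t n;

    do {
        n = send(fd, data, len, MSG_NOSIGNAL);
    } while (n < 0 && errno == EINTR);
    return n;
}

/*
 * With a real session the callback would be installed once after
 * gnutls_init():
 *     gnutls_transport_set_ptr(session, (gnutls_transport_ptr_t)(intptr_t)fd);
 *     gnutls_transport_set_push_function(session, nosigpipe_push);
 * gnutls_bye() then returns a negative error code on a broken socket and the
 * close path can continue with close() and gnutls_deinit().
 */

/* Constructed scenario: the peer has gone away before the closing write.
 * Returns the errno of the failed push, 0 if it succeeded, -1 on setup error. */
static int push_to_closed_peer(void)
{
    int sv[2];
    ssize_t n;
    int err;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    signal(SIGPIPE, on_sigpipe);   /* observe only; never expected to fire */
    close(sv[1]);                  /* simulate the lost connection */

    n = nosigpipe_push((void *)(intptr_t)sv[0], "bye", 3);
    err = (n < 0) ? errno : 0;
    close(sv[0]);
    return err;
}

int main(void)
{
    int err = push_to_closed_peer();
    printf("push failed with: %s, SIGPIPE deliveries: %d\n",
           err > 0 ? strerror(err) : "(no error)", (int)sigpipe_count);
    return 0;
}
```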