NULL cipher suites broken in gnutls 3.0.5 ?
Fabrice Gautier
fabrice.gautier at gmail.com
Fri Nov 4 01:59:30 CET 2011
Hi,
I get decryption error when using NULL-MD5 or NULL-SHA1 cipher suites
when using gnutls-serv, and connecting with a openssl client.
Server is started that way:
$ gnutls-serv --http --x509cafile x509-ca.pem --x509keyfile
x509-server-key.pem --x509certfile x509-server.pem --priority
"NORMAL:+ANON-DH:+NULL"
The openssl s_client is started that way:
$ openssl s_client -cipher NULL-SHA -connect localhost:5556
This is what I get from the gnutls logs:
* Accepted connection from IPv4 127.0.0.1 port 53650 on Thu Nov 3 17:23:51 2011
* Successful handshake from IPv4 127.0.0.1 port 53650
- Session ID: 26:C8:6A:7B:CE:F2:99:0B:19:1F:90:90:D8:58:73:60:99:BF:8D:DE:1B:7B:77:A2:80:54:65:11:D0:A8:5F:94
- Certificate type: X.509
- Could not verify certificate (err: The peer did not send any certificate.)
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: NULL
- MAC: SHA1
- Compression: NULL
Error while receiving data
>From the openssl side I get an error as well:
140735311722940:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption
failed or bad record mac:s3_pkt.c:479:
I believe it worked fine when I was using gnutls-2.12. I used both
openssl 0.9.8r and 1.0.0e for the client side.
Any known issue there ?
-- Fabrice
More information about the Gnutls-help
mailing list