gnutls claims a disabled algorithm was negotiated

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Sep 2 01:54:40 CEST 2012


On 09/01/2012 07:32 PM, brian m. carlson wrote:

> On Sat, Sep 01, 2012 at 10:31:55AM +0200, Nikos Mavrogiannopoulos wrote:
>> Interesting case.
>>> |<3>| HSK[0x188ae60]: Selected ECC curve SECP384R1 (3)
>>> |<3>| HSK[0x188ae60]: verify handshake data: using ECDSA-SHA256
>>> |<2>| ASSERT: gnutls_sig.c:365
>>
>> I suppose that your server's certificate has the SECP384R1 curve, is
>> that right? In that case the server should have used the SHA-384 or
>> SHA-512 hash algorithms (see
>> http://tools.ietf.org/html/rfc5480#section-4 ). However your server used
>> SHA-256 instead and that's why gnutls complains.
> Yes, that is the case.  I suppose this is a bug in OpenSSL?


Unfortunately yes, and I'm afraid the issue may be bigger. IETF has
failed to clarify details of ECDSA/DSA usage and this is one of the
side-effects. That's why I think I'll deviate from the ECDSA protocol to
support those buggy implementations.

regards,
Nikos
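The curve/hash rule Nikos cites from RFC 5480 section 4, as an added Python check (not gnutls or OpenSSL code, and not part of the original thread) run over the debug lines quoted above. The key-size to digest table is the one in RFC 5480 section 4; the curve names other than SECP384R1 are assumed to be spelled the way gnutls prints SECP384R1 in the log.

```python
import re

# RFC 5480 section 4 pairs ECDSA key sizes with the message digests that may
# be used with them. Rows: (min key bits, max key bits, permitted digests).
RFC5480_DIGESTS = [
    (160, 223, {"SHA1", "SHA224", "SHA256", "SHA384", "SHA512"}),
    (224, 255, {"SHA224", "SHA256", "SHA384", "SHA512"}),
    (256, 383, {"SHA256", "SHA384", "SHA512"}),
    (384, 511, {"SHA384", "SHA512"}),
    (512, 1 << 16, {"SHA512"}),
]

# Curve names as gnutls prints them in handshake debug output (assumed to
# follow the SECP384R1 form seen in the thread), with their key sizes.
CURVE_BITS = {
    "SECP192R1": 192, "SECP224R1": 224, "SECP256R1": 256,
    "SECP384R1": 384, "SECP521R1": 521,
}


def allowed_digests(key_bits):
    """Digests RFC 5480 section 4 permits for an ECDSA key of key_bits bits."""
    for lo, hi, digests in RFC5480_DIGESTS:
        if lo <= key_bits <= hi:
            return digests
    raise ValueError(f"no RFC 5480 row for a {key_bits}-bit key")


def check_signature(curve, sig_alg):
    """Check a (curve, 'ECDSA-SHAxxx') pairing; returns (ok, explanation)."""
    bits = CURVE_BITS[curve]
    digest = sig_alg.split("-", 1)[1]          # "ECDSA-SHA256" -> "SHA256"
    permitted = allowed_digests(bits)
    if digest in permitted:
        return True, f"{sig_alg} is acceptable for a {bits}-bit key on {curve}"
    return False, (f"{sig_alg} is too weak for a {bits}-bit key on {curve}; "
                   f"RFC 5480 permits {sorted(permitted)}")


CURVE_RE = re.compile(r"Selected ECC curve (\S+)")
SIG_RE = re.compile(r"using (ECDSA-SHA\d+)")


def check_log(lines):
    """Pull the negotiated curve and signature algorithm out of gnutls debug
    output and report whether the pairing follows RFC 5480."""
    curve = sig_alg = None
    for line in lines:
        m = CURVE_RE.search(line)
        if m:
            curve = m.group(1)
        m = SIG_RE.search(line)
        if m:
            sig_alg = m.group(1)
    if curve is None or sig_alg is None:
        return {"curve": curve, "sig_alg": sig_alg, "ok": None,
                "reason": "curve or signature algorithm not found in log"}
    ok, reason = check_signature(curve, sig_alg)
    return {"curve": curve, "sig_alg": sig_alg, "ok": ok, "reason": reason}


# The debug lines quoted in the thread above, copied verbatim as sample input.
SAMPLE_LOG = [
    "|<3>| HSK[0x188ae60]: Selected ECC curve SECP384R1 (3)",
    "|<3>| HSK[0x188ae60]: verify handshake data: using ECDSA-SHA256",
    "|<2>| ASSERT: gnutls_sig.c:365",
]

if __name__ == "__main__":
    print(check_log(SAMPLE_LOG)["reason"])
```

On the thread's log this reports ECDSA-SHA256 as too weak for the 384-bit key, which is the mismatch behind the gnutls_sig.c assertion; the same pairing with ECDSA-SHA384 or ECDSA-SHA512 passes.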