[gnutls-help] Renegotiating from ANON to RSA -- Removing all ciphersuites?
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed Nov 11 11:18:12 CET 2015
On Wed, Nov 11, 2015 at 9:53 AM, Rick van Rein <rick at openfortress.nl> wrote:
> Hi Nikos,
>
> Thanks so far. I see you've dropped the list Cc, to which I'm
> impartial; the TLS Pool is open source code.
You did on your reply. I'm adding the ML.
>> If you could reproduce this with a minimal test
>> program (e.g., mini-x509 or so), I could take a look.
> I started making this, but the code is quite entangled with other
> modules that handle PIN entry, database lookups for credentials and so
> on. Instead, may I talk you through the publicly viewable code on
> GitHub? You could ignore most of it, and go for the gnutls_XXX labels.
I've added mini-x509-dual.c which does a dual handshake with
ANON-ECDH, followed by RSA. That seems to work. However, switching to
ECDHE or DHE failed. That was unfortunately a bug which I've fixed at:
https://gitlab.com/gnutls/gnutls/commit/4639441dc6f4c45b0ba806bc708fb928bb8a64ae
regards,
Nikos
More information about the Gnutls-help
mailing list