[gnutls-help] gnutls offers rsa_pcks_sha1, but does not accept it
Philip Schaten
philip at noerdcampus.de
Tue Jun 8 10:37:07 CEST 2021
Hi,
>
> > - Using gnutls-cli, I try to establish a connection to the mail
> > server.
> > - From wireshark, I can see that gnutls offers rsa_pcks_sha1 as a
> > signature algorithm.
>
> Do you see this behavior also with the DEFAULT policy?
Yes.
So, in brief:
DEFAULT policy is enabled.
GnuTLS proposes SHA1 as a signature algorithm during TLS Handshake.
Server chooses SHA1.
GnuTLS cancels because SHA1 is forbidden by DEFAULT crypto-policy.
In the end, this leads to the Evolution mail client not working anymore.
Best
Philip
P.S.: I sent you the mailserver address privately, in case you want to
reproduce the problem.
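
The check described in the message above (reading the offered signature algorithms out of a captured ClientHello) can be scripted. This is an added example, not part of the original message or of GnuTLS; the function names are hypothetical and the sample bytes are constructed. It parses a ClientHello extensions block and reports any SHA-1 signature schemes, using the IANA code points (`rsa_pkcs1_sha1` is 0x0201).

```python
import struct

# SignatureScheme code points that use SHA-1 (TLS 1.2 hash byte 0x02).
SHA1_SCHEMES = {0x0201: "rsa_pkcs1_sha1", 0x0202: "dsa_sha1", 0x0203: "ecdsa_sha1"}
EXT_SIGNATURE_ALGORITHMS = 13

def offered_signature_schemes(ext_block):
    """Return the SignatureScheme values offered in a ClientHello extensions block.

    ext_block starts at the 2-byte total extensions length.
    """
    if len(ext_block) < 2:
        raise ValueError("truncated extensions block")
    (total,) = struct.unpack_from("!H", ext_block, 0)
    if total != len(ext_block) - 2:
        raise ValueError("extensions length mismatch")
    pos = 2
    while pos < len(ext_block):
        if pos + 4 > len(ext_block):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", ext_block, pos)
        pos += 4
        data = ext_block[pos:pos + ext_len]
        if len(data) != ext_len:
            raise ValueError("truncated extension body")
        pos += ext_len
        if ext_type == EXT_SIGNATURE_ALGORITHMS:
            if ext_len < 2:
                raise ValueError("signature_algorithms too short")
            (list_len,) = struct.unpack_from("!H", data, 0)
            if list_len != ext_len - 2 or list_len % 2:
                raise ValueError("bad signature_algorithms list length")
            return [struct.unpack_from("!H", data, i)[0] for i in range(2, ext_len, 2)]
    return []  # extension absent

def sha1_schemes_offered(ext_block):
    """Names of SHA-1 based schemes the client advertises, in offer order."""
    return [SHA1_SCHEMES[s] for s in offered_signature_schemes(ext_block) if s in SHA1_SCHEMES]

# Constructed sample: ec_point_formats followed by signature_algorithms listing
# ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256, rsa_pkcs1_sha256, rsa_pkcs1_sha1.
SAMPLE = bytes.fromhex("0014" "000b00020100" "000d000a" "0008" "0403080404010201")

if __name__ == "__main__":
    print(sha1_schemes_offered(SAMPLE))
```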