From ametzler at bebt.de Sat May 1 18:19:39 2021
From: ametzler at bebt.de (Andreas Metzler)
Date: Sat, 1 May 2021 18:19:39 +0200
Subject: [gnutls-help] debugging "(gnutls_handshake): No supported cipher suites have been found"
In-Reply-To:
References:
Message-ID:

On 2021-02-20 Andreas Metzler wrote:
> looking at my mail server logs I have found
> 2021-02-20 12:13:53 TLS error on connection from [...] (gnutls_handshake): No supported cipher suites have been found.
> for incoming connections, outgoing connections to the same host succeed
> with X=TLS1.2:ECDHE_SECP256R1__RSA_SHA256__AES_256_GCM:256
> My host is running Debian/stable (gnutls 3.6.7), I have also tried with
> gnutls 3.6.15 or with priorities NORMAL:-VERS-TLS1.3 or NORMAL:%COMPAT.

Hello,

Looks like the connecting hosts did not like the secp384r1 certificate.
I have now also got an rsa certificate and let exim show both.

cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

From philip at noerdcampus.de Sat May 15 17:42:05 2021
From: philip at noerdcampus.de (Philip Schaten)
Date: Sat, 15 May 2021 17:42:05 +0200
Subject: [gnutls-help] Fedora 34, One of the involved algorithms has insufficient security level
Message-ID:

Hi!

After an upgrade to Fedora 34, gnutls-cli gives me a
`*** Fatal error: One of the involved algorithms has insufficient security level.`
when connecting to my university mail server.

With `gnutls-cli --allow-broken`, connection works and I get this result
`- Description: (TLS1.2-X.509)-(ECDHE-SECP256R1)-(RSA-SHA1)-(AES-128-CBC)-(SHA1)`.

Using `gnutls-cli -l` I can see that SHA1 in combination with tls1.2
seems to be forbidden.
Also, `gnutls-cli-debug` tells me it needs to disable TLS1.2 (why is this?).

Might this be the reason for the error/is there a way to find out?
Is it a bug in gnutls or misconfiguration in the university mail server?

Thanks a lot.
Best
Philip

P.S.: gnutls-cli 3.7.1

From ueno at gnu.org Mon May 17 10:19:35 2021
From: ueno at gnu.org (Daiki Ueno)
Date: Mon, 17 May 2021 10:19:35 +0200
Subject: [gnutls-help] Fedora 34, One of the involved algorithms has insufficient security level
In-Reply-To: (Philip Schaten's message of "Sat, 15 May 2021 17:42:05 +0200")
References:
Message-ID: <87pmxp7ox4.fsf-ueno@gnu.org>

Hello Philip,

Philip Schaten writes:

> Hi!
> After an upgrade to Fedora 34, gnutls-cli gives me a
> `*** Fatal error: One of the involved algorithms has insufficient
> security level.` when connecting to my university mail server.
>
> With `gnutls-cli --allow-broken`, connection works and I get this
> result `- Description: (TLS1.2-X.509)-(ECDHE-SECP256R1)-(RSA-SHA1)-
> (AES-128-CBC)-(SHA1)`.
> Using `gnutls-cli -l` I can see that SHA1 in combination with tls1.2
> seems to be forbidden.
> Also, `gnutls-cli-debug` tells me it needs to disable TLS1.2 (why is
> this?).
> Might this be the reason for the error/is there a way to find out?
> Is it a bug in gnutls or misconfiguration in the university mail
> server?

In Fedora, allowed algorithms are centrally managed through
crypto-policies, where SHA-1 is indeed disabled for digital signatures:
https://fedoraproject.org/wiki/Changes/StrongCryptoSettings2

You could either downgrade the policy profile to LEGACY, with:

  sudo update-crypto-policies --set LEGACY

or create a custom crypto policy:
https://archive.fosdem.org/2020/schedule/event/security_custom_crypto_policies/attachments/slides/4089/export/events/attachments/security_custom_crypto_policies/slides/4089/custom_crypto_policies_fosdem.pdf

Regards,
--
Daiki Ueno

From ueno at gnu.org Mon May 24 10:49:49 2021
From: ueno at gnu.org (Daiki Ueno)
Date: Mon, 24 May 2021 10:49:49 +0200
Subject: [gnutls-help] gnutls 3.6.16
Message-ID: <874kesh5xu.fsf-ueno@gnu.org>

Hello,

We've just released gnutls 3.6.16. This is a security and bug fix
release on the stable 3.6.x branch.
We'd like to thank everyone who contributed in this release: Daiki Ueno,
Fiona Klute, and Stefan Berger.

The detailed list of changes follows:

* Version 3.6.16 (released 2021-05-24)

** libgnutls: Fixed potential miscalculation of ECDSA/EdDSA code
   backported from Nettle. In GnuTLS, as long as it is built and linked
   against the fixed version of Nettle, this only affects GOST curves.
   [CVE-2021-20305]

** libgnutls: Fixed potential use-after-free in sending "key_share" and
   "pre_shared_key" extensions. When sending those extensions, the client
   may dereference a pointer no longer valid after realloc. This happens
   only when the client sends a large Client Hello message, e.g., when HRR
   is sent in a resumed session that previously negotiated large FFDHE
   parameters, because the initial allocation of the buffer is otherwise
   large enough without having to call realloc (#1151).
   [GNUTLS-SA-2021-03-10, CVSS: low]

** API and ABI modifications:
No changes since last version.

Getting the Software
====================

GnuTLS may be downloaded directly from <ftp://ftp.gnutls.org/gcrypt/gnutls/>.
A list of GnuTLS mirrors can be found at <http://www.gnutls.org/download.html>

Here are the XZ compressed sources:

https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.16.tar.xz

Here are OpenPGP detached signatures signed using key 0x462225C3B46F34879FC8496CD605848ED7E69871:

https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.16.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   rsa4096 2009-07-23 [SC] [expires: 2023-09-25]
      462225C3B46F34879FC8496CD605848ED7E69871
uid           [ultimate] Daiki Ueno
uid           [ultimate] Daiki Ueno
sub   rsa4096 2010-02-04 [E]

Regards,
--
Daiki Ueno, on behalf of the GnuTLS development team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL:

From ueno at gnu.org Sat May 29 10:54:52 2021
From: ueno at gnu.org (Daiki Ueno)
Date: Sat, 29 May 2021 10:54:52 +0200
Subject: [gnutls-help] gnutls 3.7.2
Message-ID: <87tuml3oo3.fsf-ueno@gnu.org>

Hello,

We've just released gnutls 3.7.2. This is a bug fix and enhancement
release on the 3.7.x branch.

We'd like to thank everyone who contributed in this release: Alexander
Sosedkin, Andreas Metzler, Daiki Ueno, Daniel Kahn Gillmor, František
Krenželok, Leonardo Bras, Ludovic Courtès, Ruslan N. Marchenko, and
Stephan Mueller.

The detailed list of changes follows:

* Version 3.7.2 (released 2021-05-29)

** libgnutls: The priority string option %DISABLE_TLS13_COMPAT_MODE was
   added to disable TLS 1.3 middlebox compatibility mode

** libgnutls: The Linux kernel AF_ALG based acceleration has been added.
   This can be enabled with --enable-afalg configure option, when
   libkcapi package is installed (#308).

** libgnutls: Fixed timing of early data exchange. Previously, the
   client was sending early data after receiving Server Hello, which not
   only negates the benefit of 0-RTT, but also works only when certain
   assumptions hold (e.g., the same ciphersuite is selected in initial
   and resumption handshake) (#1146).

** certtool: When signing a CSR, CRL distribution point (CDP) is no
   longer copied from the signing CA by default (#1126).

** libgnutls: The GNUTLS_NO_EXPLICIT_INIT envvar has been renamed to
   GNUTLS_NO_IMPLICIT_INIT to reflect the purpose (#1178). The former
   is now deprecated and will be removed in the future releases.

** certtool: When producing certificates and certificate requests,
   subject DN components that are provided individually will now be
   ordered by assumed scale (e.g. Country before State, Organization
   before OrganizationalUnit). This change also affects the order in
   which certtool prompts interactively. Please rely on the template
   mechanism for automated use of certtool! (#1243)

** API and ABI modifications:
gnutls_early_cipher_get: Added
gnutls_early_prf_hash_get: Added

Getting the Software
====================

GnuTLS may be downloaded directly from <ftp://ftp.gnutls.org/gcrypt/gnutls/>.
A list of GnuTLS mirrors can be found at <http://www.gnutls.org/download.html>

Here are the XZ compressed sources:

https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.2.tar.xz

Here are OpenPGP detached signatures signed using key 0x462225C3B46F34879FC8496CD605848ED7E69871:

https://www.gnupg.org/ftp/gcrypt/gnutls/v3.7/gnutls-3.7.2.tar.xz.sig

Note that it has been signed with my openpgp key:
pub   rsa4096 2009-07-23 [SC] [expires: 2023-09-25]
      462225C3B46F34879FC8496CD605848ED7E69871
uid           [ultimate] Daiki Ueno
uid           [ultimate] Daiki Ueno
sub   rsa4096 2010-02-04 [E]

Regards,
--
Daiki Ueno
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL:
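The use-after-free fixed in 3.6.16 (GNUTLS-SA-2021-03-10, see the announcement above) is the stale-pointer-after-realloc pattern: a pointer into a growable buffer is taken, the buffer is appended to, the append calls realloc() and moves the storage, and the old pointer is then dereferenced. The announcement also explains why it only surfaced with large Client Hello messages: when the initial allocation is big enough, realloc() is never called and the stale pointer happens to stay valid. The C program below is an added illustration written for this page and is not GnuTLS code; hbuf_t, write_ext_buggy and write_ext_fixed are hypothetical names, and the 2-byte length prefix stands in for whatever the real extension writer patches after the fact. The only thing it shares with the advisory is the bug class and the fix: keep an offset, not a pointer, across any call that may reallocate.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable byte buffer (NOT GnuTLS's gnutls_buffer_st). It only
 * reproduces the shape of the bug: a pointer into b->data is kept across an
 * append that can realloc() and move the storage. */
typedef struct {
    uint8_t *data;
    size_t len;
    size_t cap;
} hbuf_t;

static int hbuf_init(hbuf_t *b, size_t cap)
{
    b->data = malloc(cap ? cap : 1);
    if (b->data == NULL)
        return -1;
    b->len = 0;
    b->cap = cap;
    return 0;
}

static void hbuf_free(hbuf_t *b)
{
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}

/* Append n bytes, doubling the capacity when needed. After a grow, every
 * pointer previously taken into b->data may be dangling. */
static int hbuf_append(hbuf_t *b, const void *src, size_t n)
{
    if (b->len + n > b->cap) {
        size_t ncap = b->cap ? b->cap : 1;
        while (ncap < b->len + n)
            ncap *= 2;
        uint8_t *nd = realloc(b->data, ncap);
        if (nd == NULL)
            return -1;
        b->data = nd;               /* old block is freed if it moved */
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

/* Buggy pattern: reserve a 2-byte length prefix, remember a raw pointer to
 * it, append the body, then patch the prefix through the saved pointer. If
 * the body did not fit, hbuf_append() reallocated and lenp points into freed
 * memory. Kept beside the fix for comparison; never called here because
 * executing it is undefined behaviour. */
static int write_ext_buggy(hbuf_t *b, const uint8_t *body, size_t n)
{
    const uint8_t zero[2] = { 0, 0 };
    if (n > 0xffff || hbuf_append(b, zero, 2) < 0)
        return -1;
    uint8_t *lenp = b->data + b->len - 2;   /* raw pointer into buffer */
    if (hbuf_append(b, body, n) < 0)        /* may move b->data */
        return -1;
    lenp[0] = (uint8_t)(n >> 8);            /* use-after-free if it moved */
    lenp[1] = (uint8_t)(n & 0xff);
    return 0;
}

/* Fixed pattern: remember the offset and re-derive the pointer from the
 * current b->data after the append that may reallocate. */
static int write_ext_fixed(hbuf_t *b, const uint8_t *body, size_t n)
{
    const uint8_t zero[2] = { 0, 0 };
    if (n > 0xffff || hbuf_append(b, zero, 2) < 0)
        return -1;
    size_t lenoff = b->len - 2;             /* offsets survive realloc */
    if (hbuf_append(b, body, n) < 0)
        return -1;
    b->data[lenoff] = (uint8_t)(n >> 8);
    b->data[lenoff + 1] = (uint8_t)(n & 0xff);
    return 0;
}

/* Parse the length prefix back; -1 if it does not match the body length. */
static long ext_body_length(const hbuf_t *b)
{
    if (b->len < 2)
        return -1;
    long n = ((long)b->data[0] << 8) | b->data[1];
    return (size_t)n + 2 == b->len ? n : -1;
}

/* Start with a deliberately tiny capacity (2 bytes, just the prefix) so that
 * any non-empty body forces the realloc that the advisory describes. Returns
 * the parsed length prefix, or -1 on failure. */
static long demo_fixed(size_t body_len)
{
    hbuf_t b;
    uint8_t *body = malloc(body_len ? body_len : 1);
    if (body == NULL || hbuf_init(&b, 2) < 0) {
        free(body);
        return -1;
    }
    memset(body, 0xAB, body_len);           /* constructed sample payload */
    long r = write_ext_fixed(&b, body, body_len) == 0 ? ext_body_length(&b) : -1;
    hbuf_free(&b);
    free(body);
    return r;
}

int main(void)
{
    (void)write_ext_buggy;                  /* shown, intentionally not run */
    printf("fixed writer, 300-byte body: length prefix = %ld\n", demo_fixed(300));
    return 0;
}
```

Running the buggy writer under AddressSanitizer (`-fsanitize=address`) with the same 2-byte initial capacity reports a heap-use-after-free at the `lenp[0] =` line; raising the initial capacity to, say, 4096 makes the same code pass silently, which is the "initial allocation is large enough" condition from the announcement and the reason such bugs survive ordinary testing.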