GnuTLS 2.8.6 vs RFC 4346 stringent EXPORT cipher suites condition

Adrian F. Dimcev adimcev at carbonwind.net
Fri Mar 19 19:02:17 CET 2010


http://www3.tools.ietf.org/html/rfc4346

Section A5:
A series of cipher suites were designed to operate at reduced key
lengths in order to comply with those regulations.  Due to advances in
computer performance, these algorithms are now unacceptably weak, and
export restrictions have since been loosened. TLS 1.1 implementations
MUST NOT negotiate these cipher suites in TLS 1.1 mode. However, for
backward compatibility they may be offered in the Client Hello for use
with TLS 1.0 or SSLv3-only servers. TLS 1.1 clients MUST check that the
server did not choose one of these cipher suites during the handshake. 
These ciphersuites are listed below for informational purposes and to
reserve the numbers.
CipherSuite TLS_RSA_EXPORT_WITH_RC4_40_MD5 = { 0x00,0x03 };
...

---

Testing Apache 2.2.15 + mod_gnutls 0.5.5 + GnuTLS 2.8.6, all source
builds (on Ubuntu Server 9.1 x64).

On the server I have:

<VirtualHost 192.168.22.163:443>
    GnuTLSEnable on
    GnuTLSPriorities EXPORT
    DocumentRoot /usr/local/apache2/htdocs
    GnuTLSCertificateFile /usr/local/apache2/conf/rsa_server.pem
    GnuTLSKeyFile /usr/local/apache2/conf/rsa_server.key
    GnuTLSRSAFile /usr/local/apache2/conf/rsa_512bit.key
</VirtualHost>

If I want to negotiate and use TLS_RSA_EXPORT_WITH_RC4_40_MD5 under TLS
1.1 it seems I don't have any kind of problems (both client and server
use GnuTLS).
Also, IMHO, gnutls-cli used as below could have failed with 'no
supported cipher suites have been found' or something instead of sending
the Client Hello (as I explicitly specified the (only) TLS version to use
+ the only cipher/key exchange to be used; it's not that I also specified
RSA and ARCFOUR-128).

gnutls-cli 192.168.22.163 --priority
NONE:+VERS-TLS1.1:+ARCFOUR-40:+RSA-EXPORT:+MD5:+COMP-NULL --insecure

Resolving '192.168.22.163'...
Connecting to '192.168.22.163:443'...
- Certificate type: X.509
 - Got a certificate list of 1 certificates.
 - Certificate[0] info:
  - subject `CN=www.example.net', issuer `CN=Test XCA', RSA key 1024
bits, signed using RSA-SHA, activated `2009-11-13 12:59:50 UTC', expires
`2010-11-13 12:59:50 UTC', SHA-1 fingerprint
`388492223f7e88e728a4b19ed124a00f0a2c73e2'
- The hostname in the certificate does NOT match '192.168.22.163'
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.1
- Key Exchange: RSA-EXPORT
- Cipher: ARCFOUR-40
- MAC: MD5
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

^C
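As an added illustration (not code from the post or from GnuTLS), this is the client-side check RFC 4346 A.5 asks for: parse the ServerHello and abort if the server selected an export suite while TLS 1.1 was negotiated. The cipher suite numbers are the A.5 reserved values; the ServerHello bytes are constructed here, not captured from the session above.

```python
import struct

# Export cipher suites reserved in RFC 4346 Appendix A.5; a TLS 1.1
# client MUST reject a ServerHello that selects any of them.
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x000B: "TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x000E: "TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0011: "TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0014: "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0017: "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
    0x0019: "TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",
}
TLS_1_1 = (3, 2)  # ProtocolVersion {major, minor} on the wire


def parse_server_hello(body: bytes):
    """Return (version, cipher_suite) from a ServerHello handshake body
    (RFC 4346 7.4.1.3: version[2] random[32] session_id<0..32> suite[2] comp[1])."""
    version = (body[0], body[1])
    sid_len = body[34]              # session_id length sits after version+random
    off = 35 + sid_len
    (suite,) = struct.unpack("!H", body[off:off + 2])
    return version, suite


def server_hello_allowed(body: bytes) -> bool:
    """False when the selection violates RFC 4346 A.5 (export suite under >= TLS 1.1)."""
    version, suite = parse_server_hello(body)
    return not (version >= TLS_1_1 and suite in EXPORT_SUITES)


def check_server_hello(body: bytes) -> str:
    """Abort the handshake (raise) instead of silently accepting the suite."""
    if not server_hello_allowed(body):
        version, suite = parse_server_hello(body)
        raise ValueError(f"server chose {EXPORT_SUITES[suite]} under TLS {version}")
    return "ok"


def build_server_hello(version, suite, session_id=b"") -> bytes:
    """Constructed ServerHello body for testing (zeroed random, NULL compression)."""
    return (bytes(version) + b"\x00" * 32 + bytes([len(session_id)]) + session_id
            + struct.pack("!H", suite) + b"\x00")


if __name__ == "__main__":
    # The handshake from the post: TLS1.1 + ARCFOUR-40/RSA-EXPORT must be refused.
    check_server_hello(build_server_hello(TLS_1_1, 0x0003))
```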