[gnutls-devel] multiple keys + certificates for gnutls-serv (and gnutls_certificate_set_key())
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Feb 22 02:09:44 CET 2016
Hi GnuTLS folks--
gnutls-serv limits itself to one --x509keyfile argument, and if you
supply multiple keys and multiple certs, it appears to only use the
I haven't looked into whether this is handled cleanly in
gnutls_certificate_set_key(), but it's documented as:
>> If multiple certificates are used with the functions above each
>> client’s request will be served with the certificate that matches the
>> requested name (see Server name indication).
It would be good to be able to launch gnutls-serv with multiple
keys and certificates, but multiple names are not the only form of
certificate selection that GnuTLS should do.
A couple of other selections:
(a) an RSA key and an ECDSA key, to support connections with different
server signature mechanisms based on ciphersuites.
(b) one RSA key with a cert marked for signing-only (DHE-RSA, ECDHE-RSA
key exchanges), and another RSA key with a cert marked for
encryption only (non-PFS RSA key exchange)
(b) in particular is desirable if we want to defend against a possible
future Bleichenbacher attack, as described by Tibor Jager:
So perhaps this is two requests:
* allow multiple certs in gnutls-serv
* improve default certificate selection mechanisms based on ciphersuite
negotiation (both signature algorithms and key exchange algorithms),
not just server name.
Does this seem reasonable?
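To make the second request concrete, here is a small model of certificate selection driven by the negotiated ciphersuite (server key type and required key usage) as well as by server name. This is an added example, not GnuTLS code and not part of the original message: the ciphersuite table, the `Credential` class, the credential names and the hostname `example.test` are all constructed for illustration.

```python
"""Model of TLS server credential selection keyed on the negotiated
ciphersuite, not only on the requested server name (SNI).

Constructed example: this is not GnuTLS's implementation, and the suite
table below covers only a few representative suites."""

from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# A server credential: one private key plus its certificate chain, described
# by the key type, the certificate's key-usage bits, and the names it covers.
@dataclass(frozen=True)
class Credential:
    name: str                 # label for the key/cert pair (hypothetical)
    key_type: str             # "RSA" or "ECDSA"
    key_usage: frozenset      # subset of {"digitalSignature", "keyEncipherment"}
    hostnames: frozenset      # DNS names the certificate is valid for

# Constructed table: suite -> (server key type, key usage the suite needs).
# Static RSA key exchange encrypts the premaster secret to the server key, so
# it needs keyEncipherment; (EC)DHE suites only sign, so they need
# digitalSignature with a key of the matching type.
SUITES = {
    "TLS_RSA_WITH_AES_128_GCM_SHA256":         ("RSA",   "keyEncipherment"),
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256":     ("RSA",   "digitalSignature"),
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256":   ("RSA",   "digitalSignature"),
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": ("ECDSA", "digitalSignature"),
}

# Server preference order, PFS suites first (constructed).
SERVER_PREFERENCE = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
]

def select_credential(creds: Iterable[Credential], suite: str,
                      sni: Optional[str] = None) -> Optional[Credential]:
    """Return the first credential usable for `suite` (and `sni`, if given)."""
    key_type, usage = SUITES[suite]
    for cred in creds:
        if cred.key_type != key_type:
            continue                       # wrong algorithm for this suite
        if usage not in cred.key_usage:
            continue                       # cert not marked for this operation
        if sni is not None and sni not in cred.hostnames:
            continue                       # name mismatch
        return cred
    return None

def negotiate(creds: Iterable[Credential], client_suites: Iterable[str],
              sni: Optional[str] = None) -> Optional[Tuple[str, Credential]]:
    """Walk the server preference list; pick the first suite the client
    offered for which a matching credential exists."""
    offered = set(client_suites)
    creds = list(creds)
    for suite in SERVER_PREFERENCE:
        if suite not in offered:
            continue
        cred = select_credential(creds, suite, sni)
        if cred is not None:
            return suite, cred
    return None                            # handshake would fail

# Constructed credentials for the scenario in the message: a signing-only
# RSA cert, an encryption-only RSA cert, and an ECDSA cert.
HOSTS = frozenset({"example.test"})
CREDS = [
    Credential("rsa-sign-only",    "RSA",   frozenset({"digitalSignature"}), HOSTS),
    Credential("rsa-encrypt-only", "RSA",   frozenset({"keyEncipherment"}),  HOSTS),
    Credential("ecdsa",            "ECDSA", frozenset({"digitalSignature"}), HOSTS),
]

if __name__ == "__main__":
    # Client that offers only RSA-based suites: the ECDHE_RSA suite wins and
    # gets the signing-only key; the encryption-only key is never used to sign.
    print(negotiate(CREDS, ["TLS_RSA_WITH_AES_128_GCM_SHA256",
                            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
                    "example.test"))
```

With only an encryption-only RSA credential loaded, `select_credential` returns `None` for any (EC)DHE-RSA suite, which is the intended outcome of marking that certificate for key encipherment alone: the negotiation falls through to a suite the credential set actually supports rather than signing with a key that was never meant to sign.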