[gnutls-devel] GnuTLS | Cannot use TPMv2 EC key with TLSv1.3; silent failure (#1234)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue May 11 20:02:30 CEST 2021
David Woodhouse commented:
... and when I force TLSv1.2 using the TPM key:
```
BUF[REC]: Inserted 63 bytes of Data(22)
HSK[0x192b870]: CERTIFICATE REQUEST (13) was received. Length 59[59], frag offset 0, frag length: 59, sequence: 0
EXT[0x192b870]: rcvd signature algo (4.1) RSA-SHA256
EXT[0x192b870]: rcvd signature algo (8.9) RSA-PSS-SHA256
EXT[0x192b870]: rcvd signature algo (8.4) RSA-PSS-RSAE-SHA256
EXT[0x192b870]: rcvd signature algo (4.3) ECDSA-SHA256
EXT[0x192b870]: rcvd signature algo (8.7) EdDSA-Ed25519
EXT[0x192b870]: rcvd signature algo (5.1) RSA-SHA384
EXT[0x192b870]: rcvd signature algo (8.10) RSA-PSS-SHA384
EXT[0x192b870]: rcvd signature algo (8.5) RSA-PSS-RSAE-SHA384
EXT[0x192b870]: rcvd signature algo (5.3) ECDSA-SHA384
EXT[0x192b870]: rcvd signature algo (8.8) EdDSA-Ed448
EXT[0x192b870]: rcvd signature algo (6.1) RSA-SHA512
EXT[0x192b870]: rcvd signature algo (8.11) RSA-PSS-SHA512
EXT[0x192b870]: rcvd signature algo (8.6) RSA-PSS-RSAE-SHA512
EXT[0x192b870]: rcvd signature algo (6.3) ECDSA-SHA512
EXT[0x192b870]: rcvd signature algo (2.1) RSA-SHA1
EXT[0x192b870]: rcvd signature algo (2.3) ECDSA-SHA1
EXT[0x192b870]: rcvd signature algo (2.2) DSA-SHA1
ASSERT: buffers.c[get_last_packet]:1168
READ: Got 5 bytes from 0x5
READ: read 5 bytes from 0x5
RB: Have 0 bytes into buffer. Adding 5 bytes.
RB: Requested 5 bytes
REC[0x192b870]: SSL 3.3 Handshake packet received. Epoch 0, length: 4
REC[0x192b870]: Expected Packet Handshake(22)
REC[0x192b870]: Received Packet Handshake(22) with length: 4
READ: Got 4 bytes from 0x5
READ: read 4 bytes from 0x5
RB: Have 5 bytes into buffer. Adding 4 bytes.
RB: Requested 9 bytes
REC[0x192b870]: Decrypted Packet[3] Handshake(22) with length: 4
BUF[REC]: Inserted 4 bytes of Data(22)
HSK[0x192b870]: SERVER HELLO DONE (14) was received. Length 0[0], frag offset 0, frag length: 0, sequence: 0
HSK[0x192b870]: CERTIFICATE was queued [541 bytes]
HWRITE: enqueued [CERTIFICATE] 541. Total 541 bytes.
ASSERT: mpi.c[wrap_nettle_mpi_print]:60
HSK[0x192b870]: CLIENT KEY EXCHANGE was queued [310 bytes]
HWRITE: enqueued [CLIENT KEY EXCHANGE] 310. Total 851 bytes.
checking cert compat with RSA-SHA256
cannot use privkey of EC/ECDSA with RSA-SHA256
checking cert compat with RSA-PSS-SHA256
cannot use privkey of EC/ECDSA with RSA-PSS-SHA256
checking cert compat with RSA-PSS-RSAE-SHA256
cannot use privkey of EC/ECDSA with RSA-PSS-RSAE-SHA256
checking cert compat with ECDSA-SHA256
sign handshake cert vrfy: picked ECDSA-SHA256
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1234#note_572942436
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20210511/be09c034/attachment.html>
More information about the Gnutls-devel
mailing list