[gnutls-devel] GnuTLS | `--priority` mishandling with hybrid key exchanges (#1602)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Thu Oct 31 23:28:09 CET 2024
Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1602
With the current git master (3.8.7-57-gd2f7c6e4c1), the following causes "invalid decryption":
```console
$ src/gnutls-cli -p 4433 --insecure --priority NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519-MLKEM768:+GROUP-X25519 localhost
```
while either of the following works:
```console
# combination of X25519-MLKEM768 and SECP256R1
$ src/gnutls-cli -p 4433 --insecure --priority NORMAL:-VERS-ALL:+VERS-TLS1.3:-GROUP-ALL:+GROUP-X25519-MLKEM768:+GROUP-SECP256R1 localhost
# no version restriction
$ src/gnutls-cli -p 4433 --insecure --priority NORMAL:-GROUP-ALL:+GROUP-X25519-MLKEM768:+GROUP-X25519 localhost
```
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1602
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20241031/286404e6/attachment.html>
More information about the Gnutls-devel
mailing list