<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=utf-8" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<div></div>

<h2 dir="auto">

<a id="user-content-description-of-problem" class="anchor" href="#description-of-problem" aria-hidden="true"></a>Description of problem:</h2>

<p dir="auto">When server applications use GnuTLS for TLS with server key in a PKCS#11 device, the library should check if the PKCS#11 module supports RSA-PSS or raw-RSA mechanisms before negotiating TLS 1.3 and failing without any mechanisms to try (or blindly trying unsupported mechanisms).</p>

<p dir="auto">Originally reported in: <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1681274" rel="nofollow noreferrer noopener" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=1681274</a></p>

<h2 dir="auto">

<a id="user-content-version-of-gnutls-used" class="anchor" href="#version-of-gnutls-used" aria-hidden="true"></a>Version of gnutls used:</h2>

<p dir="auto">3.6.5</p>

<h2 dir="auto">

<a id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" class="anchor" href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>

<p dir="auto">RHEL</p>

<h2 dir="auto">

<a id="user-content-how-reproducible" class="anchor" href="#how-reproducible" aria-hidden="true"></a>How reproducible:</h2>

<p dir="auto">always</p>

<p dir="auto">Steps to Reproduce:</p>

<ul dir="auto">

<li>Prerequisites:

<ul>

<li>PKCS#11 module without RSA-PSS nor raw-RSA mechanisms support.</li>

</ul>

</li>

<li>Run GnuTLS test server (but it should be reproducible with any other server using GnuTLS) using the key in the PKCS#11 device:</li>

</ul>

<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">gnutls-serv --http --x509certfile="pkcs11:token=SomeDevice;object=cert;type=cert" --x509keyfile="pkcs11:token=SomeDevice;object=key;type=private?pin-value=111111" -d 9</span></code></pre>

<ul dir="auto">

<li>Try to connect to the https port with TLS 1.3 capable client:</li>

</ul>

<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">wget --no-check-certificate --tries 1 https://localhost:5556/</span></code></pre>

<h2 dir="auto">

<a id="user-content-actual-results" class="anchor" href="#actual-results" aria-hidden="true"></a>Actual results:</h2>

<p dir="auto">TLS 1.3 connection fails without any ciphersuites that could be used:</p>

<pre class="code highlight js-syntax-highlight plaintext" lang="plaintext" v-pre="true"><code><span id="LC1" class="line" lang="plaintext">|<2>| checking c0.9e (GNUTLS_DHE_RSA_AES_128_CCM) for compatibility</span>

<span id="LC2" class="line" lang="plaintext">|<2>| checking 00.33 (GNUTLS_DHE_RSA_AES_128_CBC_SHA1) for compatibility</span>

<span id="LC3" class="line" lang="plaintext">|<3>| ASSERT: ciphersuites.c[_gnutls_figure_common_ciphersuite]:1587</span>

<span id="LC4" class="line" lang="plaintext">|<3>| ASSERT: handshake.c[_gnutls_server_select_suite]:1079</span>

<span id="LC5" class="line" lang="plaintext">|<3>| ASSERT: handshake.c[read_client_hello]:800</span>

<span id="LC6" class="line" lang="plaintext">|<3>| ASSERT: handshake.c[_gnutls_recv_handshake]:1545</span>

<span id="LC7" class="line" lang="plaintext">|<3>| ASSERT: handshake.c[handshake_server]:3389</span>

<span id="LC8" class="line" lang="plaintext">Error in handshake: No supported cipher suites have been found.</span>

<span id="LC9" class="line" lang="plaintext">|<5>| REC: Sending Alert[2|40] - Handshake failed</span>

<span id="LC10" class="line" lang="plaintext">|<5>| REC[0x55ed12486eb0]: Preparing Packet Alert(21) with length: 2 and min pad: 0</span>

<span id="LC11" class="line" lang="plaintext">|<9>| ENC[0x55ed12486eb0]: cipher: NULL, MAC: MAC-NULL, Epoch: 0</span>

<span id="LC12" class="line" lang="plaintext">|<5>| REC[0x55ed12486eb0]: Sent Packet[1] Alert(21) in epoch 0 and length: 7</span></code></pre>

<h2 dir="auto">

<a id="user-content-expected-results" class="anchor" href="#expected-results" aria-hidden="true"></a>Expected results:</h2>

<p dir="auto">The library should downgrade the TLS version to 1.2 if it can not provide valid signature for TLS 1.3</p>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/issues/731">view it on GitLab</a>.

<br>

You're receiving this email because of your account on gitlab.com.

If you'd like to receive fewer emails, you can

<a href="https://gitlab.com/sent_notifications/8887ac572c5dbaadf4e734f7b5633ae1/unsubscribe">unsubscribe</a>

from this thread or

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/issues/731"}}</script>

</p>

</div>

</body>

</html>