[Help-gnutls] Problems with Key usage violation
andreas at dicp.ghb.fh-furtwangen.de
Wed Mar 30 21:01:40 CEST 2005
On Wed, 30 Mar 2005, Nikos Mavrogiannopoulos wrote:
>> Key usage:
>> Key encipherment.
> This only works with plain RSA cipher suites. That means that your server
> MUST NOT use DHE_RSA, which is a signing ciphersuite.
Off the top of my head I can't think of a good reason to use DHE_RSA for
an SSL server as it doesn't have to sign anything, right?
So disabling it wouldn't pose a problem.
>> Besides the fact that this should be valid for all kind of TLS servers, it
>> looks okay to me.
> No this is not valid for all TLS servers. Only for the ones that use plain
[ gnutls checking scope ]
> Only the key usage.
Is is really a good idea to be more strict here than e.g. openssl?
Because I do know of several servers which do have this problem when being
used by clients which are linked agains gnutls.
More information about the Gnutls-help