[Help-gnutls] Problems with Key usage violation

Andreas Thienemann andreas at dicp.ghb.fh-furtwangen.de
Wed Mar 30 21:01:40 CEST 2005

On Wed, 30 Mar 2005, Nikos Mavrogiannopoulos wrote:

>>          Key usage:
>>                  Key encipherment.
> This only works with plain RSA cipher suites. That means that your server
> MUST NOT use DHE_RSA, which is a signing ciphersuite.
Off the top of my head I can't think of a good reason to use DHE_RSA for 
an SSL server as it doesn't have to sign anything, right?

So disabling it wouldn't pose a problem.

>> Besides the fact that this should be valid for all kinds of TLS servers, it
>> looks okay to me.
> No this is not valid for all TLS servers. Only for the ones that use plain
> RSA.
I see.

[ gnutls checking scope ]
> Only the key usage.
Is it really a good idea to be more strict here than e.g. openssl?
Because I do know of several servers which do have this problem when being
used by clients which are linked against gnutls.
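
The key usage rule quoted above, as an added example that is not part of the original message and is not GnuTLS code: in plain RSA key exchange the client encrypts the premaster secret to the certificate key (keyEncipherment), while in DHE_RSA the server signs its ServerKeyExchange parameters (digitalSignature). The function and enum names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* KeyUsage flags (RFC 5280): bit 0 is the MSB of the first content byte. */
#define KU_DIGITAL_SIGNATURE 0x80u
#define KU_KEY_ENCIPHERMENT  0x20u

enum kx { KX_RSA, KX_DHE_RSA };   /* hypothetical names for the two key exchanges */

/* Constructed samples: DER BIT STRING value of a KeyUsage extension. */
static const uint8_t ku_enc_only[] = { 0x03, 0x02, 0x05, 0x20 }; /* keyEncipherment */
static const uint8_t ku_sig_enc[]  = { 0x03, 0x02, 0x05, 0xA0 }; /* + digitalSignature */

/* Return the first content byte of the BIT STRING, or -1 if malformed. */
int parse_key_usage(const uint8_t *der, size_t len)
{
    if (len < 4 || der[0] != 0x03)           /* tag must be BIT STRING */
        return -1;
    size_t body = der[1];                    /* unused-bits byte + 1..2 content bytes */
    if (body < 2 || body > 3 || body + 2 != len)
        return -1;
    uint8_t unused = der[2];
    if (unused > 7)
        return -1;
    if (der[len - 1] & ((1u << unused) - 1)) /* DER: unused bits must be zero */
        return -1;
    return der[3];
}

/* 1 = key exchange permitted, 0 = key usage violation, -1 = malformed extension. */
int kx_allowed(const uint8_t *der, size_t len, enum kx kx)
{
    int ku = parse_key_usage(der, len);
    if (ku < 0)
        return -1;
    /* RSA kx decrypts the premaster secret; DHE_RSA signs the DH parameters. */
    unsigned need = (kx == KX_RSA) ? KU_KEY_ENCIPHERMENT : KU_DIGITAL_SIGNATURE;
    return ((unsigned)ku & need) != 0;
}

int main(void)
{
    printf("enc-only: RSA=%d DHE_RSA=%d\n",
           kx_allowed(ku_enc_only, sizeof ku_enc_only, KX_RSA),
           kx_allowed(ku_enc_only, sizeof ku_enc_only, KX_DHE_RSA));
    printf("sig+enc:  RSA=%d DHE_RSA=%d\n",
           kx_allowed(ku_sig_enc, sizeof ku_sig_enc, KX_RSA),
           kx_allowed(ku_sig_enc, sizeof ku_sig_enc, KX_DHE_RSA));
    return 0;
}
```

A certificate with no KeyUsage extension carries no such restriction, so a caller would apply this check only when the extension is present.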


