[Help-gnutls] Problems with Key usage violation

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Mar 30 22:18:05 CEST 2005

On Wednesday 30 March 2005 21:01, Andreas Thienemann wrote:

> > This only works with plain RSA cipher suites. That means that your server
> > MUST NOT use DHE_RSA, which is a signing ciphersuite.
> Off the top of my head I can't think of a good reason to use DHE_RSA for
> an SSL server as it doesn't have to sign anything, right?
> So disabling it wouldn't pose a problem.
In DHE_RSA the RSA certificate is used to sign a diffie hellman key exchange.
This offers perfect forward secrecy, which means that if the certificate
is compromised at a future date, the old session data are still safe. This
property is not available in the plain RSA ciphersuite.

Other than that, and given that all clients support plain RSA, it shouldn't
pose a problem.

> Is is really a good idea to be more strict here than e.g. openssl?
> Because I do know of several servers which do have this problem when being
> used by clients which are linked agains gnutls.
Well it would be useless for a certificate to have the key usage bits set when
nobody actually checks them. If you use them, it's probably because you want
to limit the key's scope, and gnutls is just enforcing it. If you don't want 
these checks, you shouldn't put such extensions to your certificates.

> bye,
>   andreas

Nikos Mavrogiannopoulos

More information about the Gnutls-help mailing list