TLSv1.2 interop issue (was: Re: gnutls 3.0.9)

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Jan 5 10:37:10 CET 2012


On Thu, Jan 5, 2012 at 10:29 AM, Florian Weimer <fweimer at bfk.de> wrote:
> * Nikos Mavrogiannopoulos:
>>> We're seeing interop issues with a TLSv1.2 server which advertises a
>>> fairly restricted list of cipher suites.
>> What do you see?
> Well, the cipher suite thing was a different bug, on the server side,
> not caused by GNUTLS.  Fixing that didn't make a dent in the original
> issue.
> The issue is triggered when I use GNUTLS 2.12.14 to connect to an
> OpenJDK 7u2 server which requires client certificates.
> Here's output from "gnutls-cli --debug 255":
[...]
> gnutls_sig.c:630 says:
> |    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); /* too bad we only support SHA1 and SHA256 */

Can you try gnutls 3.0.x? It doesn't have this limitation.

> This is a bit puzzling.  Why does GNUTLS pick RSA-SHA512 if it doesn't
> support the algorithm?

Could you send me the transaction as a tcpdump raw file (to open with
Wireshark)?
I'll check later whether there can be a fix for 2.12.x.

regards,
Nikos
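
Added example, not GnuTLS code and not part of the original message: one way a TLS 1.2 client can choose its CertificateVerify algorithm from the server's supported_signature_algorithms list (RFC 5246, CertificateRequest) so that it never selects a hash it cannot compute. The function names, the locally supported set (SHA-1 and SHA-256, taken from the quoted comment) and the sample byte strings are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS 1.2 HashAlgorithm and SignatureAlgorithm code points (RFC 5246, 7.4.1.4.1). */
enum { HASH_SHA1 = 2, HASH_SHA256 = 4, HASH_SHA512 = 6 };
enum { SIG_RSA = 1, SIG_DSA = 2, SIG_ECDSA = 3 };

/* Assumption: this hypothetical client can only sign with SHA-1 and SHA-256. */
static int hash_is_supported(uint8_t hash)
{
    return hash == HASH_SHA1 || hash == HASH_SHA256;
}

/*
 * Hypothetical helper. vec is the supported_signature_algorithms vector:
 * a 2-byte length followed by {hash, signature} pairs in server order.
 * Returns 0 and sets *hash_out on success, -1 if the vector is malformed,
 * -2 if no listed pair matches the client key type and a supported hash.
 */
int select_sign_algorithm(const uint8_t *vec, size_t len, uint8_t key_sig,
                          uint8_t *hash_out)
{
    size_t list_len, i;

    if (len < 2)
        return -1;
    list_len = ((size_t)vec[0] << 8) | vec[1];
    if (list_len == 0 || list_len % 2 != 0 || list_len > len - 2)
        return -1;
    for (i = 0; i < list_len; i += 2) {
        uint8_t hash = vec[2 + i], sig = vec[3 + i];
        if (sig == key_sig && hash_is_supported(hash)) {
            *hash_out = hash;   /* first mutually supported pair wins */
            return 0;
        }
    }
    return -2;                  /* fail the handshake cleanly, do not guess */
}

/* Constructed sample: RSA-SHA512, ECDSA-SHA256, RSA-SHA256, RSA-SHA1. */
static const uint8_t sample_request[] = {0x00, 0x08, 6, 1, 4, 3, 4, 1, 2, 1};
/* Constructed sample: the server accepts RSA-SHA512 only. */
static const uint8_t sha512_only[] = {0x00, 0x02, 6, 1};

int main(void)
{
    uint8_t h = 0;
    int rc = select_sign_algorithm(sample_request, sizeof sample_request, SIG_RSA, &h);
    printf("mixed list: rc=%d hash=%u\n", rc, (unsigned)h);
    rc = select_sign_algorithm(sha512_only, sizeof sha512_only, SIG_RSA, &h);
    printf("SHA-512 only: rc=%d\n", rc);
    return 0;
}
```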



