gnutls claims a disabled algorithm was negotiated

brian m. carlson sandals at crustytoothpaste.net
Sat Sep 1 01:42:52 CEST 2012


I've recently moved my mail server to running postfix, and as a result,
am now able to provide an EC key and certificate for TLS (the
certificate is signed by my local RSA CA).  However, when I try to
connect to postfix either using gnutls-cli or mutt (linked against
3.0.22), gnutls provides the following error:

*** Fatal error: An algorithm that is not enabled was negotiated.

This seems odd to me, since OpenSSL is very happy to make the
connection (as the client), and the algorithm that was negotiated is
ECDHE_ECDSA_AES_128_GCM_SHA256, which I'm pretty sure both GnuTLS and
OpenSSL support.  It also is odd that the complaint doesn't happen until
GnuTLS tries to verify the signature; shouldn't it die sooner if the
server picks an algorithm that it doesn't support?

Anyway, some help would be great.  I looked through the mailing list
archive and in Google, but found nothing.  I've attached a debug log.  I
can provide the certificate on request, but I can't leave postfix with
it enabled, or I can't send mail.  Also, I'm using Debian sid, if that's
useful to know.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
|<2>| Intel AES accelerator was detected
|<2>| Intel GCM accelerator was detected
|<2>| p11: loaded provider 'gnome-keyring-module' with 5 slots
|<2>| ASSERT: pkcs11.c:459
Processed 152 CA certificate(s).
Resolving 'smtp.crustytoothpaste.net'...
Connecting to '2001:470:1f05:79::1:587'...
|<4>| REC[0x188ae60]: Allocating epoch #0

- Simple Client Mode:

220 castro.crustytoothpaste.net ESMTP Postfix (Debian GNU/Linux)
EHLO lakeview
250-castro.crustytoothpaste.net
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH GSSAPI
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
STARTTLS
220 2.0.0 Ready to start TLS
*** Starting TLS handshake
|<2>| ASSERT: gnutls_constate.c:717
|<4>| REC[0x188ae60]: Allocating epoch #1
|<3>| HSK[0x188ae60]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_GCM_SHA256 (C0.2B)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA1 (C0.09)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: ECDHE_ECDSA_AES_128_CBC_SHA256 (C0.23)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_GCM_SHA384 (C0.2C)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA1 (C0.0A)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: ECDHE_ECDSA_AES_256_CBC_SHA384 (C0.24)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: ECDHE_ECDSA_3DES_EDE_CBC_SHA1 (C0.08)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: ECDHE_RSA_AES_128_GCM_SHA256 (C0.2F)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA1 (C0.13)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: ECDHE_RSA_AES_128_CBC_SHA256 (C0.27)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: ECDHE_RSA_AES_256_GCM_SHA384 (C0.30)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: ECDHE_RSA_AES_256_CBC_SHA1 (C0.14)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: ECDHE_RSA_3DES_EDE_CBC_SHA1 (C0.12)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_RSA_AES_128_GCM_SHA256 (00.9E)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA1 (00.33)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256 (00.67)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA1 (00.39)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_RSA_AES_256_CBC_SHA256 (00.6B)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_RSA_CAMELLIA_128_CBC_SHA1 (00.45)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_RSA_CAMELLIA_256_CBC_SHA1 (00.88)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_RSA_3DES_EDE_CBC_SHA1 (00.16)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_DSS_AES_128_GCM_SHA256 (00.A2)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA1 (00.32)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_DSS_AES_128_CBC_SHA256 (00.40)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA1 (00.38)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_DSS_AES_256_CBC_SHA256 (00.6A)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_DSS_CAMELLIA_128_CBC_SHA1 (00.44)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_DSS_CAMELLIA_256_CBC_SHA1 (00.87)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_DSS_3DES_EDE_CBC_SHA1 (00.13)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: DHE_DSS_ARCFOUR_SHA1 (00.66)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: RSA_AES_128_GCM_SHA256 (00.9C)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: RSA_AES_128_CBC_SHA1 (00.2F)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: RSA_AES_128_CBC_SHA256 (00.3C)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: RSA_AES_256_CBC_SHA1 (00.35)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: RSA_AES_256_CBC_SHA256 (00.3D)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: RSA_CAMELLIA_128_CBC_SHA1 (00.41)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: RSA_CAMELLIA_256_CBC_SHA1 (00.84)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: RSA_3DES_EDE_CBC_SHA1 (00.0A)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: RSA_ARCFOUR_SHA1 (00.05)
|<3>| HSK[0x188ae60]: Keeping ciphersuite: RSA_ARCFOUR_MD5 (00.04)
|<3>| EXT[0x188ae60]: Sending extension SERVER NAME (30 bytes)
|<3>| EXT[0x188ae60]: Sending extension SAFE RENEGOTIATION (1 bytes)
|<3>| EXT[0x188ae60]: Sending extension SUPPORTED ECC (12 bytes)
|<3>| EXT[0x188ae60]: Sending extension SUPPORTED ECC POINT FORMATS (2 bytes)
|<3>| EXT[0x188ae60]: sent signature algo (4.1) RSA-SHA256
|<3>| EXT[0x188ae60]: sent signature algo (4.2) DSA-SHA256
|<3>| EXT[0x188ae60]: sent signature algo (4.3) ECDSA-SHA256
|<3>| EXT[0x188ae60]: sent signature algo (5.1) RSA-SHA384
|<3>| EXT[0x188ae60]: sent signature algo (5.3) ECDSA-SHA384
|<3>| EXT[0x188ae60]: sent signature algo (6.1) RSA-SHA512
|<3>| EXT[0x188ae60]: sent signature algo (6.3) ECDSA-SHA512
|<3>| EXT[0x188ae60]: sent signature algo (3.1) RSA-SHA224
|<3>| EXT[0x188ae60]: sent signature algo (3.2) DSA-SHA224
|<3>| EXT[0x188ae60]: sent signature algo (3.3) ECDSA-SHA224
|<3>| EXT[0x188ae60]: sent signature algo (2.1) RSA-SHA1
|<3>| EXT[0x188ae60]: sent signature algo (2.2) DSA-SHA1
|<3>| EXT[0x188ae60]: sent signature algo (2.3) ECDSA-SHA1
|<3>| EXT[0x188ae60]: Sending extension SIGNATURE ALGORITHMS (28 bytes)
|<3>| HSK[0x188ae60]: CLIENT HELLO was queued [218 bytes]
|<4>| REC[0x188ae60]: Preparing Packet Handshake(22) with length: 218
|<4>| REC[0x188ae60]: Sent Packet[1] Handshake(22) in epoch 0 and length: 223
|<2>| ASSERT: gnutls_buffers.c:976
|<4>| REC[0x188ae60]: SSL 3.3 Handshake packet received. Epoch 0, length: 89
|<4>| REC[0x188ae60]: Expected Packet Handshake(22)
|<4>| REC[0x188ae60]: Received Packet Handshake(22) with length: 89
|<4>| REC[0x188ae60]: Decrypted Packet[0] Handshake(22) with length: 89
|<3>| HSK[0x188ae60]: SERVER HELLO was received. Length 85[85], frag offset 0, frag length: 85, sequence: 0
|<3>| HSK[0x188ae60]: Server's version: 3.3
|<3>| HSK[0x188ae60]: SessionID length: 32
|<3>| HSK[0x188ae60]: SessionID: 150354b21172b769f53dec4f93d264944474e695425f5729ef1f57c4af958a41
|<3>| HSK[0x188ae60]: Selected cipher suite: ECDHE_ECDSA_AES_128_GCM_SHA256
|<3>| HSK[0x188ae60]: Selected compression method: NULL (0)
|<3>| EXT[0x188ae60]: Parsing extension 'SAFE RENEGOTIATION/65281' (1 bytes)
|<3>| EXT[0x188ae60]: Parsing extension 'SUPPORTED ECC POINT FORMATS/11' (4 bytes)
|<3>| HSK[0x188ae60]: Safe renegotiation succeeded
|<2>| ASSERT: gnutls_buffers.c:976
|<4>| REC[0x188ae60]: SSL 3.3 Handshake packet received. Epoch 0, length: 1192
|<4>| REC[0x188ae60]: Expected Packet Handshake(22)
|<4>| REC[0x188ae60]: Received Packet Handshake(22) with length: 1192
|<4>| REC[0x188ae60]: Decrypted Packet[1] Handshake(22) with length: 1192
|<3>| HSK[0x188ae60]: CERTIFICATE was received. Length 1188[1188], frag offset 0, frag length: 1188, sequence: 0
|<2>| ASSERT: verify.c:410
|<2>| ASSERT: verify.c:674
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- The hostname in the certificate matches 'smtp.crustytoothpaste.net'.
*** Verifying server certificate failed...
|<2>| ASSERT: gnutls_buffers.c:976
|<4>| REC[0x188ae60]: SSL 3.3 Handshake packet received. Epoch 0, length: 213
|<4>| REC[0x188ae60]: Expected Packet Handshake(22)
|<4>| REC[0x188ae60]: Received Packet Handshake(22) with length: 213
|<4>| REC[0x188ae60]: Decrypted Packet[2] Handshake(22) with length: 213
|<3>| HSK[0x188ae60]: SERVER KEY EXCHANGE was received. Length 209[209], frag offset 0, frag length: 209, sequence: 0
|<3>| HSK[0x188ae60]: Selected ECC curve SECP384R1 (3)
|<3>| HSK[0x188ae60]: verify handshake data: using ECDSA-SHA256
|<2>| ASSERT: gnutls_sig.c:365
|<2>| ASSERT: dhe.c:329
|<2>| ASSERT: gnutls_kx.c:494
|<2>| ASSERT: gnutls_handshake.c:2524
*** Fatal error: An algorithm that is not enabled was negotiated.
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
 - |<2>| ASSERT: dn.c:286
|<2>| ASSERT: dn.c:286
subject `C=US,ST=Texas,L=Houston,O=Crusty Toothpaste,OU=Certificate Authority,CN=castro.crustytoothpaste.net', issuer `C=US,ST=Texas,L=Houston,O=Crusty Toothpaste,OU=Certificate Authority,CN=Crusty Toothpaste Certificate Authority,EMAIL=ca at crustytoothpaste.net', EC key 384 bits, signed using RSA-SHA512, activated `2012-08-28 00:00:00 UTC', expires `2020-05-06 23:59:59 UTC', SHA-1 fingerprint `d2d1ac6d014c0861618488dd032e37e4192aabef'
	Public Key Id:
		a74f88402a90c7da20856073d9cfa1a6c71ad21d
	Public key's random art:
		+--[  EC  384]----+
		|o+..o            |
		|o+o. . .         |
		|= o . + .        |
		|o= o E o         |
		|o + * . S .      |
		| o + = . +       |
		|  . + . o .      |
		|   .     o       |
		|          .      |
		+-----------------+

|<4>| REC: Sending Alert[2|80] - Internal error
|<4>| REC[0x188ae60]: Preparing Packet Alert(21) with length: 2
|<4>| REC[0x188ae60]: Sent Packet[2] Alert(21) in epoch 0 and length: 7
*** Handshake has failed
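A small log-triage script, added here as an illustration rather than anything from the original post: it pulls the negotiation facts out of a gnutls-cli debug log like the one above (offered signature algorithms, selected suite, curve, the signature algorithm used on ServerKeyExchange, the server key size and the ASSERT run preceding the fatal error) and lists the things worth checking before filing a report. The `SAMPLE_LOG` is a constructed excerpt of the log above; the script reports observations only and does not claim to identify the cause of the error.

```python
import re

# Constructed excerpt of the gnutls-cli debug log from the post above.
SAMPLE_LOG = """\
|<3>| EXT[0x188ae60]: sent signature algo (4.1) RSA-SHA256
|<3>| EXT[0x188ae60]: sent signature algo (4.3) ECDSA-SHA256
|<3>| EXT[0x188ae60]: sent signature algo (5.3) ECDSA-SHA384
|<3>| HSK[0x188ae60]: Selected cipher suite: ECDHE_ECDSA_AES_128_GCM_SHA256
|<3>| HSK[0x188ae60]: Selected ECC curve SECP384R1 (3)
|<3>| HSK[0x188ae60]: verify handshake data: using ECDSA-SHA256
|<2>| ASSERT: gnutls_sig.c:365
|<2>| ASSERT: dhe.c:329
*** Fatal error: An algorithm that is not enabled was negotiated.
subject `CN=castro.crustytoothpaste.net', EC key 384 bits, signed using RSA-SHA512
"""

HASH_BITS = {"MD5": 128, "SHA1": 160, "SHA224": 224, "SHA256": 256,
             "SHA384": 384, "SHA512": 512}

def parse_handshake(log):
    """Extract negotiation facts and the ASSERT run that precedes the fatal error."""
    s = {"offered": [], "suite": None, "curve": None, "sig": None,
         "key_bits": None, "asserts_before_fatal": [], "fatal": None}
    pending = []  # consecutive ASSERT locations since the last ordinary line
    for line in log.splitlines():
        if m := re.search(r"ASSERT: (\S+)", line):
            pending.append(m.group(1))
            continue
        if m := re.search(r"sent signature algo \([\d.]+\) (\S+)", line):
            s["offered"].append(m.group(1))
        elif m := re.search(r"Selected cipher suite: (\S+)", line):
            s["suite"] = m.group(1)
        elif m := re.search(r"Selected ECC curve (\S+)", line):
            s["curve"] = m.group(1)
        elif m := re.search(r"verify handshake data: using (\S+)", line):
            s["sig"] = m.group(1)
        elif m := re.search(r"EC key (\d+) bits", line):
            s["key_bits"] = int(m.group(1))
        elif m := re.search(r"\*\*\* Fatal error: (.*)", line):
            s["fatal"], s["asserts_before_fatal"] = m.group(1), pending
        pending = []  # any non-ASSERT line ends the run
    return s

def findings(s):
    """Observations a practitioner would check against the log before filing a bug."""
    out = []
    if s["sig"]:
        offered = "did offer" if s["sig"] in s["offered"] else "never offered"
        out.append(f"server signed with {s['sig']}, which the client {offered}")
        hbits = HASH_BITS.get(s["sig"].rsplit("-", 1)[-1])
        if hbits and s["key_bits"] and hbits < s["key_bits"]:
            out.append(f"hash is {hbits}-bit but the EC key is {s['key_bits']}-bit: "
                       "check the client's hash/curve policy for this pairing")
    if s["asserts_before_fatal"]:
        out.append("first ASSERT before the fatal error: " + s["asserts_before_fatal"][0])
    return out
```

Run `findings(parse_handshake(SAMPLE_LOG))` (or feed the full debug log) to get the checklist; the first ASSERT location is the place to look in the library source for that release.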
