gnutls claims a disabled algorithm was negotiated

brian m. carlson sandals at crustytoothpaste.net
Sat Sep 1 19:32:04 CEST 2012


On Sat, Sep 01, 2012 at 10:31:55AM +0200, Nikos Mavrogiannopoulos wrote:
> Interesting case.
> > |<3>| HSK[0x188ae60]: Selected ECC curve SECP384R1 (3)
> > |<3>| HSK[0x188ae60]: verify handshake data: using ECDSA-SHA256
> > |<2>| ASSERT: gnutls_sig.c:365
> 
> I suppose that your server's certificate has the SECP384R1 curve, is
> that right? In that case the server should have used the SHA-384 or
> SHA-512 hash algorithms (see
> http://tools.ietf.org/html/rfc5480#section-4 ). However your server used
> SHA-256 instead and that's why gnutls complains.

Yes, that is the case.  I suppose this is a bug in OpenSSL?

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
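
The check discussed in this message can be run over a debug log. The following is an added example, not part of the original message and not GnuTLS code. It assumes the log line format quoted in the thread and that the caller supplies the certificate key's curve; the function names are hypothetical.

```python
import re

# RFC 5480 section 4: (minimum ECDSA key bits, smallest listed SHA digest bits).
RFC5480_MIN_DIGEST = [(512, 512), (384, 384), (256, 256), (224, 224), (160, 160)]

CURVE_RE = re.compile(r"^SEC[PT](\d+)[RK]\d$", re.IGNORECASE)
# Assumed log format, taken from the lines quoted in the thread.
SIG_RE = re.compile(r"HSK\[(0x[0-9a-f]+)\]: verify handshake data: using ECDSA-SHA(\d+)")

# First three lines are quoted from the thread; the last one is constructed.
SAMPLE_LOG = [
    "|<3>| HSK[0x188ae60]: Selected ECC curve SECP384R1 (3)",
    "|<3>| HSK[0x188ae60]: verify handshake data: using ECDSA-SHA256",
    "|<2>| ASSERT: gnutls_sig.c:365",
    "|<3>| HSK[0x2000000]: verify handshake data: using ECDSA-SHA384",
]


def min_digest_bits(key_bits):
    """Smallest digest size RFC 5480 section 4 lists for an ECDSA key size."""
    for floor, digest in RFC5480_MIN_DIGEST:
        if key_bits >= floor:
            return digest
    raise ValueError("key size below the RFC 5480 table: %d" % key_bits)


def audit_handshake_log(log_lines, cert_curve):
    """Return (handshake, key_bits, digest_bits, required_bits) per weak digest.

    cert_curve is the curve of the server certificate's key (e.g. "SECP384R1"),
    supplied by the caller from the certificate, not inferred from the log.
    """
    m = CURVE_RE.match(cert_curve)
    if not m:
        raise ValueError("unrecognised curve name: %r" % cert_curve)
    key_bits = int(m.group(1))
    required = min_digest_bits(key_bits)
    findings = []
    for line in log_lines:
        sig = SIG_RE.search(line)
        if not sig:
            continue
        # A "SHA1" suffix means a 160-bit digest; other suffixes are the bit size.
        digest = 160 if sig.group(2) == "1" else int(sig.group(2))
        if digest < required:
            findings.append((sig.group(1), key_bits, digest, required))
    return findings
```

With the sample log and a SECP384R1 certificate key, only the handshake at `0x188ae60` is reported, since SHA-256 falls below the SHA-384 minimum the RFC table lists for 384-bit keys.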
More information about the Gnutls-help mailing list