[gnutls-help] Renegotiating from ANON to RSA -- Removing all ciphersuites?
Rick van Rein
rick at openfortress.nl
Mon Nov 9 23:29:11 CET 2015
Hello,
I'm trying to get optimal TLS privacy by first establishing an ANON-ECDH
connection, and then renegotiate it into an authenticated connection,
such as with an RSA certificate. This is only done when the application
protocol allows it.
Without the ANON-ECDH precursor, the authenticated connection succeeds.
Its cli+srv priority string is
NONE:+VERS-TLS-ALL:+VERS-DTLS-ALL:+COMP-NULL:+CIPHER-ALL:+CURVE-ALL:+SIGN-ALL:+MAC-ALL:-ANON-ECDH:+ECDHE-RSA:+DHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+RSA:+CTYPE-X.509:+CTYPE-OPENPGP:+SRP:+SRP-RSA:+SRP-DSS
The ANON-ECDH precursor also works (and moves straight on to
renegotiation). Its cli+srv priority string is
NONE:+VERS-TLS-ALL:+VERS-DTLS-ALL:+COMP-NULL:+CIPHER-ALL:+CURVE-ALL:+SIGN-ALL:+MAC-ALL:+ANON-ECDH:+ECDHE-RSA:+DHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+RSA:+CTYPE-X.509:+CTYPE-OPENPGP:+SRP:+SRP-RSA:+SRP-DSS
After the ANON-ECDH precursor, the renegotiated / authenticated
connection (with the former priority string) fails. It lists "Removing
ciphersuite" for all ciphersuites (note that ANON-ECDH is not provided
for any longer). The GnuTLS code for sending the ClientHello suggests
that this is based on the KX supported by the certificate, which I
imagine must refer to the pre-renegotiation (so ANON-ECDH) precursor
certificate. No KX would match with that (lack of a) certificate, of
course. The result is GNUTLS_E_INSUFFICIENT_CRED and a breakdown of
communication. IIRC.
I wonder if there is a way to have this "anonymous precursor" with
GnuTLS, or that I am overlooking something?
I'm working with GnuTLS 3.2.21.
Thanks,
-Rick
More information about the Gnutls-help
mailing list