[gnutls-help] Renegotiating from ANON to RSA -- Removing all ciphersuites?

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Nov 10 16:24:04 CET 2015


On Mon, Nov 9, 2015 at 11:29 PM, Rick van Rein <rick at openfortress.nl> wrote:
> Hello,
>
> I'm trying to get optimal TLS privacy by first establishing an ANON-ECDH
> connection, and then renegotiate it into an authenticated connection,
> such as with an RSA certificate.  This is only done when the application
> protocol allows it.
>
> Without the ANON-ECDH precursor, the authenticated connection succeeds.
> Its cli+srv priority string is
> NONE:+VERS-TLS-ALL:+VERS-DTLS-ALL:+COMP-NULL:+CIPHER-ALL:+CURVE-ALL:+SIGN-ALL:+MAC-ALL:-ANON-ECDH:+ECDHE-RSA:+DHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+RSA:+CTYPE-X.509:+CTYPE-OPENPGP:+SRP:+SRP-RSA:+SRP-DSS
>
> The ANON-ECDH precursor also works (and moves straight on to
> renegotiation).  Its cli+srv priority string is
> NONE:+VERS-TLS-ALL:+VERS-DTLS-ALL:+COMP-NULL:+CIPHER-ALL:+CURVE-ALL:+SIGN-ALL:+MAC-ALL:+ANON-ECDH:+ECDHE-RSA:+DHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+RSA:+CTYPE-X.509:+CTYPE-OPENPGP:+SRP:+SRP-RSA:+SRP-DSS
> After the ANON-ECDH precursor, the renegotiated / authenticated
> connection (with the former priority string) fails.  It lists "Removing
> ciphersuite" for all ciphersuites (note that ANON-ECDH is not provided
> for any longer).  The GnuTLS code for sending the ClientHello suggests
> that this is based on the KX supported by the certificate, which I
> imagine must refer to the pre-renegotiation (so ANON-ECDH) precursor
> certificate.  No KX would match with that (lack of a) certificate, of
> course.  The result is GNUTLS_E_INSUFFICIENT_CRED and a breakdown of
> communication.  IIRC.

You need to set different "credentials" for anonymous and certificate
authentication. Did you set both of them or only for anonymous?

regards,
Nikos
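
The exchange above, as an added example that is not part of the original messages and is not GnuTLS code: a small stand-alone C model of why every key exchange is dropped on the rehandshake when only anonymous credentials are set, and why setting certificate credentials as well leaves usable ones. The table, the names `usable_kx`, `PRIO_ANON` and `PRIO_AUTH`, and the assumption that only anonymous credentials were set are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the filtering discussed in the thread; not GnuTLS source.
 * In GnuTLS itself each credential type is attached with its own
 * gnutls_credentials_set() call (GNUTLS_CRD_ANON, GNUTLS_CRD_CERTIFICATE). */
enum cred { CRD_CERTIFICATE = 1 << 0, CRD_ANON = 1 << 1, CRD_SRP = 1 << 2 };

struct kx { const char *name; unsigned needs; };

/* Subset of the key exchanges in the thread's priority strings, with the
 * credential type the client must have set for each (model assumption). */
static const struct kx KX_TABLE[] = {
    { "ANON-ECDH", CRD_ANON },          { "ECDHE-RSA", CRD_CERTIFICATE },
    { "DHE-RSA", CRD_CERTIFICATE },     { "ECDHE-ECDSA", CRD_CERTIFICATE },
    { "DHE-DSS", CRD_CERTIFICATE },     { "RSA", CRD_CERTIFICATE },
    { "SRP", CRD_SRP },
};
#define LEN(a) (sizeof (a) / sizeof (a)[0])

/* Priority lists as constructed sample input: with and without ANON-ECDH. */
static const char *const PRIO_ANON[] = { "ANON-ECDH", "ECDHE-RSA", "DHE-RSA",
                                         "ECDHE-ECDSA", "DHE-DSS", "RSA", "SRP" };
static const char *const PRIO_AUTH[] = { "ECDHE-RSA", "DHE-RSA", "ECDHE-ECDSA",
                                         "DHE-DSS", "RSA", "SRP" };

/* Count the prioritised key exchanges that survive; report each one dropped. */
static size_t usable_kx(const char *const *prio, size_t n, unsigned creds_set)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < LEN(KX_TABLE); j++) {
            if (strcmp(prio[i], KX_TABLE[j].name) != 0)
                continue;
            if (creds_set & KX_TABLE[j].needs)
                kept++;
            else
                printf("  removing %s: no credentials of the needed type\n", prio[i]);
        }
    return kept;
}

int main(void)
{
    printf("first handshake, anon only: %zu\n", usable_kx(PRIO_ANON, LEN(PRIO_ANON), CRD_ANON));
    printf("rehandshake, anon only: %zu\n", usable_kx(PRIO_AUTH, LEN(PRIO_AUTH), CRD_ANON));
    printf("rehandshake, anon + cert: %zu\n",
           usable_kx(PRIO_AUTH, LEN(PRIO_AUTH), CRD_ANON | CRD_CERTIFICATE));
    return 0;
}
```

In the model, the middle case leaves zero usable key exchanges, which corresponds to the GNUTLS_E_INSUFFICIENT_CRED outcome reported in the question.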


