[gnutls-help] Renegotiating from ANON to RSA -- Removing all ciphersuites?

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Nov 11 11:18:12 CET 2015


On Wed, Nov 11, 2015 at 9:53 AM, Rick van Rein <rick at openfortress.nl> wrote:
> Hi Nikos,
>
> Thanks so far.  I see you've dropped the list Cc, to which I'm
> impartial; the TLS Pool is open source code.

You did on your reply. I'm adding the ML.

>> If you could reproduce this with a minimal test
>> program (e.g., mini-x509 or so), I could take a look.
> I started making this, but the code is quite entangled with other
> modules that handle PIN entry, database lookups for credentials and so
> on.  Instead, may I talk you through the publicly viewable code on
> GitHub?  You could ignore most of it, and go for the gnutls_XXX labels.

I've added mini-x509-dual.c which does a dual handshake with
ANON-ECDH, followed by RSA. That seems to work. However, switching to
ECDHE or DHE failed. That was unfortunately a bug which I've fixed at:
https://gitlab.com/gnutls/gnutls/commit/4639441dc6f4c45b0ba806bc708fb928bb8a64ae

regards,
Nikos


