[gnutls-help] cipher priorities
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon Nov 6 16:10:07 CET 2017
On Sun, Nov 5, 2017 at 9:21 PM, Jeremy Harris <jgh at wizmail.org> wrote:
> GnuTLS 3.5.8
>
> Server, having loaded two cert (one RSA, then one ECDSA) using
> gnutls_certificate_set_x509_key_file().
>
> With a client hello having only one sig-hash algorithm,
> "0401 rsa-sha256" the handshake fails. The server debug log
> has
>
> "(gnutls_handshake): An unknown public key algorithm was encountered."
>
>
>
> If I only load the RSA cert, it's fine.
>
> What should I be doing different?
Could you provide a reproducer? If you check the tests/ subdirectory there is
set_x509_key_file_ocsp_multi2.c which pretty much does what you are describing.
regards,
Nikos
More information about the Gnutls-help
mailing list