[gnutls-help] cipher priorities

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Nov 6 16:10:07 CET 2017

On Sun, Nov 5, 2017 at 9:21 PM, Jeremy Harris <jgh at wizmail.org> wrote:
> GnuTLS 3.5.8
> Server, having loaded two cert (one RSA, then one ECDSA) using
> gnutls_certificate_set_x509_key_file().
> With a client hello having only one sig-hash algorithm,
> "0401 rsa-sha256"  the handshake fails.  The server debug log
> has
> "(gnutls_handshake): An unknown public key algorithm was encountered."
> If I only load the RSA cert, it's fine.
> What should I be doing different?

Could you provide a reproducer? If you check the tests/ subdirectory there is
set_x509_key_file_ocsp_multi2.c which pretty much does what you are describing.


More information about the Gnutls-help mailing list