[gnutls-help] priority string SIGN- ordering

Jeremy Harris jgh at wizmail.org
Sun Feb 10 14:30:35 CET 2019


Hi,

With 3.6.5 (on Fedora 29) I am seeing a problem where the
server apparently ignores the order given in the priority
string (NORMAL:-SIGN-ALL:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:-VERS-TLS1.3).

Is that the right way to do it?  The manual appears to say "Don't use
NONE-and-add-your-own, because of versioning problems" - and indeed I do
get problems across versions when trying to do that.


Server debug:

 1942 GnuTLS global init required.
 1942 initialising GnuTLS server session
 1942 GnuTLS<5>: REC[0x564c6e85c480]: Allocating epoch #0
 1942 Expanding various TLS configuration options for session credentials.
 1942 certificate file = TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem : TESTSUITE/aux-fixed/exim-ca/example_ec.com/server1.example_ec.com/server1.example_ec.com.pem
 1942 key file = TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.unlocked.key : TESTSUITE/aux-fixed/exim-ca/example_ec.com/server1.example_ec.com/server1.example_ec.com.unlocked.key
 1942 GnuTLS<3>: ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
 1942 GnuTLS<3>: ASSERT: x509.c[get_alt_name]:1815
 1942 GnuTLS<3>: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
 1942 TLS: cert/key TESTSUITE/aux-fixed/exim-ca/example.com/server1.example.com/server1.example.com.pem registered
 1942 GnuTLS<3>: ASSERT: x509_ext.c[gnutls_subject_alt_names_get]:110
 1942 GnuTLS<3>: ASSERT: x509.c[get_alt_name]:1815
 1942 GnuTLS<3>: ASSERT: pk.c[_wrap_nettle_pk_sign]:783
 1942 GnuTLS<2>: Security level of algorithm requires hash SHA512(64) or better
 1942 GnuTLS<3>: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
 1942 GnuTLS<3>: ASSERT: mpi.c[wrap_nettle_mpi_print]:60
 1942 TLS: cert/key TESTSUITE/aux-fixed/exim-ca/example_ec.com/server1.example_ec.com/server1.example_ec.com.pem registered
 1942 verify certificates = TESTSUITE/aux-fixed/exim-ca/example.com/server2.example.com/ca_chain.pem size=sss
 1942 Added 2 certificate authorities.
 1942 Initialising GnuTLS server params.
 1942 Loading default hard-coded DH params
 1942 GnuTLS<3>: ASSERT: dh.c[gnutls_dh_params_import_pkcs3]:488
 1942 Loaded fixed standard D-H parameters
>>>>>
 1942 GnuTLS session cipher/priority "NORMAL:-SIGN-ALL:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:-VERS-TLS1.3"
>>>>>
 1942 GnuTLS<2>: added 5 protocols, 29 ciphersuites, 2 sig algos and 9 groups into priority list
 1942 TLS: a client certificate will not be requested.
 1942 SMTP>> 220 TLS go ahead
 1942 GnuTLS<5>: REC[0x564c6e85c480]: Allocating epoch #1
 1942 GnuTLS<3>: ASSERT: buffers.c[get_last_packet]:1171
 1942 GnuTLS<5>: REC[0x564c6e85c480]: SSL 3.1 Handshake packet received. Epoch 0, length: 154
 1942 GnuTLS<5>: REC[0x564c6e85c480]: Expected Packet Handshake(22)
 1942 GnuTLS<5>: REC[0x564c6e85c480]: Received Packet Handshake(22) with length: 154
 1942 GnuTLS<5>: REC[0x564c6e85c480]: Decrypted Packet[0] Handshake(22) with length: 154
 1942 GnuTLS<4>: HSK[0x564c6e85c480]: CLIENT HELLO (1) was received. Length 150[150], frag offset 0, frag length: 150, sequence: 0
 1942 GnuTLS<4>: HSK[0x564c6e85c480]: Client's version: 3.3
 1942 GnuTLS<4>: EXT[0x564c6e85c480]: Parsing extension 'Encrypt-then-MAC/22' (0 bytes)
 1942 GnuTLS<4>: EXT[0x564c6e85c480]: Parsing extension 'Safe Renegotiation/65281' (1 bytes)
 1942 GnuTLS<3>: ASSERT: db.c[_gnutls_server_restore_session]:334
 1942 GnuTLS<3>: ASSERT: server_name.c[gnutls_server_name_get]:235
 1942 TLS: no SNI presented in handshake.
 1942 GnuTLS<4>: EXT[0x564c6e85c480]: Parsing extension 'Supported Groups/10' (20 bytes)
 1942 GnuTLS<4>: EXT[0x564c6e85c480]: Received group SECP256R1 (0x17)
[+groups 0x18, 19, 1d, 100-104]
 1942 GnuTLS<4>: EXT[0x564c6e85c480]: Selected group SECP256R1
 1942 GnuTLS<4>: EXT[0x564c6e85c480]: Parsing extension 'Supported EC Point Formats/11' (2 bytes)
 1942 GnuTLS<4>: EXT[0x564c6e85c480]: Parsing extension 'Signature Algorithms/13' (6 bytes)
 1942 GnuTLS<4>: EXT[0x564c6e85c480]: rcvd signature algo (4.1) RSA-SHA256
 1942 GnuTLS<4>: EXT[0x564c6e85c480]: rcvd signature algo (6.3) ECDSA-SHA512
 1942 GnuTLS<4>: EXT[0x564c6e85c480]: Parsing extension 'Session Ticket/35' (0 bytes)
 1942 GnuTLS<4>: EXT[0x564c6e85c480]: Parsing extension 'Record Size Limit/28' (2 bytes)
 1942 GnuTLS<2>: checking c0.2c (GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384) for compatibility
 1942 GnuTLS<3>: ASSERT: server_name.c[gnutls_server_name_get]:235
 1942 GnuTLS<4>: HSK[0x564c6e85c480]: Requested server name: ''
 1942 GnuTLS<4>: HSK[0x564c6e85c480]: checking compat of GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384 with certificate[0] (RSA/X.509)
 1942 GnuTLS<3>: ASSERT: cert.c[cert_select_sign_algorithm]:1283
 1942 GnuTLS<4>: HSK[0x564c6e85c480]: checking compat of GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384 with certificate[1] (EC/ECDSA/X.509)
 1942 GnuTLS<4>: checking cert compat with RSA-SHA256
 1942 GnuTLS<4>: cannot use privkey of EC/ECDSA with RSA-SHA256
 1942 GnuTLS<4>: checking cert compat with ECDSA-SHA512
>>>>>>>>>>
 1942 GnuTLS<4>: Selected signature algorithm: ECDSA-SHA512
>>>>>>>>>>
 1942 GnuTLS<2>: Selected (EC/ECDSA) cert based on ciphersuite c0.2c: GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384
 1942 GnuTLS<4>: HSK[0x564c6e85c480]: Selected group SECP256R1 (2)
 1942 GnuTLS<4>: HSK[0x564c6e85c480]: Selected cipher suite: GNUTLS_ECDHE_ECDSA_AES_256_GCM_SHA384
 1942 GnuTLS<4>: HSK[0x564c6e85c480]: Selected version TLS1.2
 1942 GnuTLS<4>: HSK[0x564c6e85c480]: Safe renegotiation succeeded

-- 
Thanks,
  Jeremy
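As an added illustration (not part of the original post and not GnuTLS code), the following Python models how a priority string such as the one above is walked keyword by keyword, and then replays the signature-algorithm walk that the debug log shows for the EC certificate. The NORMAL defaults are a constructed approximation (only the ordering semantics matter here; the real sets live inside GnuTLS), and `select_signature()` is a deliberately simplified model, not the library's actual selection code: it takes the server-side list in priority order, skips anything the client did not offer, and skips anything the certificate's key type cannot sign, which reproduces the "cannot use privkey of EC/ECDSA with RSA-SHA256" step followed by "Selected signature algorithm: ECDSA-SHA512".

```python
"""Model of a GnuTLS-style priority-string walk plus a simplified TLS 1.2
signature-algorithm selection.  Added example only: the NORMAL defaults are a
constructed approximation, and select_signature() mirrors the walk visible in
the server debug log rather than GnuTLS's real implementation."""

# Constructed approximation of what the NORMAL keyword enables for two
# categories.  The exact membership is GnuTLS's business; the -SIGN-ALL in the
# string under discussion empties the SIGN list anyway.
NORMAL_DEFAULTS = {
    "VERS": ["TLS1.3", "TLS1.2", "TLS1.1", "TLS1.0", "DTLS1.2", "DTLS1.0"],
    "SIGN": ["RSA-SHA256", "RSA-SHA384", "RSA-SHA512",
             "ECDSA-SHA256", "ECDSA-SHA384", "ECDSA-SHA512",
             "RSA-PSS-SHA256", "RSA-PSS-SHA384", "RSA-PSS-SHA512",
             "EDDSA-ED25519"],
}

# Constructed from the log: the priority string the server was given and the
# two signature algorithms the client advertised in its hello.
PRIORITY = "NORMAL:-SIGN-ALL:+SIGN-RSA-SHA256:+SIGN-ECDSA-SHA512:-VERS-TLS1.3"
CLIENT_SIGS = ["RSA-SHA256", "ECDSA-SHA512"]


def parse_priority(priority):
    """Apply each keyword in order and return {category: ordered list}.

    Modelled semantics: NORMAL/NONE reset the lists, '-CAT-X' removes X,
    '-CAT-ALL' empties the category, '+CAT-X' appends X if not present.
    Keywords outside these forms raise ValueError so typos do not pass silently.
    """
    lists = {}
    for keyword in priority.split(":"):
        if keyword == "NORMAL":
            lists = {k: list(v) for k, v in NORMAL_DEFAULTS.items()}
            continue
        if keyword == "NONE":
            lists = {k: [] for k in NORMAL_DEFAULTS}
            continue
        op, rest = keyword[0], keyword[1:]
        if op not in "+-":
            raise ValueError(f"unsupported keyword {keyword!r}")
        cat, _, name = rest.partition("-")
        if cat not in NORMAL_DEFAULTS:
            raise ValueError(f"unsupported category {cat!r} in {keyword!r}")
        current = lists.setdefault(cat, [])
        if op == "-":
            if name == "ALL":
                current.clear()
            elif name in current:
                current.remove(name)
        elif name not in current:
            current.append(name)
    return lists


def key_type(sig_algo):
    """Key type a signature algorithm needs, derived from its name prefix."""
    return "EC" if sig_algo.startswith("ECDSA") else "RSA"


def select_signature(server_sigs, client_sigs, cert_key_type):
    """Simplified model of the walk in the log: server priority order, drop
    algorithms the client did not offer or the certificate key cannot produce,
    return the first survivor (None if nothing fits)."""
    for algo in server_sigs:
        if algo not in client_sigs:
            continue
        if key_type(algo) != cert_key_type:
            continue
        return algo
    return None


if __name__ == "__main__":
    lists = parse_priority(PRIORITY)
    print("protocols :", lists["VERS"])
    print("sig algos :", lists["SIGN"])
    # The ciphersuite picked in the log (ECDHE_ECDSA) forces the EC certificate,
    # so RSA-SHA256 is rejected on key type and ECDSA-SHA512 is selected.
    print("EC cert   ->", select_signature(lists["SIGN"], CLIENT_SIGS, "EC"))
    print("RSA cert  ->", select_signature(lists["SIGN"], CLIENT_SIGS, "RSA"))
```

With the string from the post the model ends up with two signature algorithms and five protocol versions, matching the "5 protocols ... 2 sig algos" line in the log; the point it makes is that the SIGN ordering is honoured as a preference list, but the certificate implied by the already-chosen ciphersuite can still rule out the first entry.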


