[gnutls-help] gnutls offers rsa_pcks_sha1, but does not accept it

Daiki Ueno ueno at gnu.org
Mon Jun 7 13:52:43 CEST 2021

Philip Schaten <philip at noerdcampus.de> writes:

> I wrote to this list on 15-05-2021 having trouble with my university's
> mail server.
> Thanks to Daiki Ueno, I got this to work on my system by changing the
> crypto policies, but I believe I may have found a bug in gnutls as
> well:

Let me add Alexander, the current maintainer of crypto-policies, who
could shed some light on this.

> - Using gnutls-cli, I try to establish a connection to the mail server.
> - From wireshark, I can see that gnutls offers rsa_pcks_sha1 as a
> signature algorithm.

Do you see this behavior also with the DEFAULT policy?

> - The server is admittedly badly configured and chooses that signature
> algorithm.
> - gnutls aborts, complaining that "One of the involved algorithms has
> insufficient security level." (btw. Why can't it just state for what
> exact reason the security level was deemed insufficient? that would be
> incredibly useful...)
> Openssl, in contrast, doesn't even offer rsa_pcks_sha1 if it's not
> allowed per the system's crypto policies.
> Sooo I believe that the bug here is to offer SHA1 in the first place,
> ignoring the crypto policies.
> But I am very new to this (4 weeks ago I hadn't heard about GnuTLS),
> maybe I'm missing something here: Maybe TLSv1.2 is disabled completely
> to mitigate some sort of man-in-the-middle attack where the attacker
> forces the use of sha1 to be able to spoof the server's identity..?
> Very much looking forward to your responses.

Daiki Ueno
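A way to answer the "do you see this with the DEFAULT policy?" question from the command line, as an added example that is not part of the original thread or of GnuTLS itself: ask gnutls-cli which signature algorithms a given priority string actually enables, and connect with every SHA-1 signature explicitly removed so a server that insists on SHA-1 fails cleanly in the handshake. It assumes gnutls-cli's `--list --priority` output contains a `PK-signatures:` line naming the enabled signature algorithms (the observed format, treated here as an assumption) and that the `@SYSTEM` keyword can be combined with `-SIGN-...` modifiers; the host names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): list the SHA-1 signature
# algorithms a GnuTLS priority string enables, and connect without them.
# Assumption: "gnutls-cli --list --priority P" prints a line starting with
# "PK-signatures:" followed by a comma-separated list of SIGN-* names.
#
# Usage (as a script, hypothetical name):
#   ./sha1check.sh list "@SYSTEM"            # what the crypto-policies default enables
#   ./sha1check.sh list "NORMAL:-SIGN-RSA-SHA1"
#   ./sha1check.sh connect mail.example.com 993

# Pure parser, reads a gnutls-cli listing on stdin and prints every
# signature algorithm on the PK-signatures line that ends in -SHA1,
# one per line (prints nothing if there are none). The "MACs:" line,
# which also mentions SHA1 as an HMAC, is deliberately ignored.
sha1_sigs_from_listing() {
    sed -n 's/^PK-signatures:[[:space:]]*//p' \
      | tr ',' '\n' \
      | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
      | grep -E -- '-SHA1$' || true
}

# Resolve a priority string through gnutls-cli and report its SHA-1 signatures.
# "@SYSTEM" resolves to the system-wide crypto-policies configuration.
sha1_sigs_for_priority() {
    gnutls-cli --list --priority "$1" | sha1_sigs_from_listing
}

# Connect to host:port with the RSA, ECDSA and DSA SHA-1 signature
# algorithms removed from the priority string (default base: @SYSTEM).
# A server that only accepts SHA-1 signatures will then fail the handshake
# instead of being negotiated and rejected afterwards.
connect_without_sha1() {
    host=$1
    port=${2:-443}
    base=${3:-@SYSTEM}
    gnutls-cli --priority "$base:-SIGN-RSA-SHA1:-SIGN-ECDSA-SHA1:-SIGN-DSA-SHA1" \
        --port "$port" "$host" </dev/null
}

case "${1-}" in
    list)    sha1_sigs_for_priority "${2:-@SYSTEM}" ;;
    connect) connect_without_sha1 "$2" "${3-}" ;;
esac
```

If `list "@SYSTEM"` prints any `SIGN-*-SHA1` entry, the client will offer SHA-1 signatures under the system policy, which is the behaviour the report describes; comparing that against `list "NORMAL:-SIGN-RSA-SHA1"` shows whether an explicit exclusion is what removes it.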