[gnutls-help] gnutls offers rsa_pcks_sha1, but does not accept it

Philip Schaten philip at noerdcampus.de
Tue Jun 8 10:37:07 CEST 2021

> > - Using gnutls-cli, I try to establish a connection to the mail
> > server.
> > - From wireshark, I can see that gnutls offers rsa_pcks_sha1 as a
> > signature algorithm.
> Do you see this behavior also with the DEFAULT policy?

So, in brief:
DEFAULT policy is enabled.
GnuTLS proposes SHA1 as a signature algorithm during TLS Handshake.
Server chooses SHA1.
GnuTLS cancels because SHA1 is forbidden by DEFAULT crypto-policy.
In the end, this leads to the Evolution mail client not working anymore.


P.S.: I sent you the mailserver address privately, in case you want to
reproduce the problem.
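
Added example (not part of the original message, and not GnuTLS code): a way to check a captured ClientHello for the mismatch summarized above. It decodes the body of the signature_algorithms extension and lists schemes that are offered but not accepted for verification. The sample bytes, the ACCEPTED set and the function names are constructed for illustration; the code points are those of RFC 8446, where the SHA-1 RSA scheme is named rsa_pkcs1_sha1.

```python
import struct

# SignatureScheme code points from RFC 8446, section 4.2.3 (subset).
SCHEMES = {
    0x0201: "rsa_pkcs1_sha1",
    0x0203: "ecdsa_sha1",
    0x0401: "rsa_pkcs1_sha256",
    0x0403: "ecdsa_secp256r1_sha256",
    0x0501: "rsa_pkcs1_sha384",
    0x0601: "rsa_pkcs1_sha512",
    0x0804: "rsa_pss_rsae_sha256",
    0x0807: "ed25519",
}

def parse_signature_algorithms(ext_data: bytes) -> list:
    """Decode the body of a signature_algorithms extension into scheme names."""
    if len(ext_data) < 2:
        raise ValueError("extension body too short")
    (list_len,) = struct.unpack_from("!H", ext_data, 0)
    # The list is a 2-byte length followed by 2-byte SignatureScheme entries.
    if list_len % 2 or list_len != len(ext_data) - 2:
        raise ValueError("bad supported_signature_algorithms length")
    codes = struct.unpack_from(f"!{list_len // 2}H", ext_data, 2)
    return [SCHEMES.get(c, f"unknown_0x{c:04x}") for c in codes]

def offered_but_rejected(offered, accepted):
    """Schemes the client advertises but would refuse when verifying."""
    return [s for s in offered if s not in accepted]

# Constructed sample: extension body offering four schemes, SHA-1 last.
SAMPLE_EXT = bytes.fromhex("0008" "0804" "0401" "0403" "0201")
# Assumption: the verification policy in force rejects SHA-1 signatures.
ACCEPTED = {"rsa_pss_rsae_sha256", "rsa_pkcs1_sha256", "ecdsa_secp256r1_sha256"}

if __name__ == "__main__":
    offered = parse_signature_algorithms(SAMPLE_EXT)
    print("offered:", offered)
    print("offered but rejected:", offered_but_rejected(offered, ACCEPTED))
```

The extension body can be copied as hex from the ClientHello in a packet capture; a non-empty second list means a server may legitimately pick a scheme the client will then refuse.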
