[gnutls-help] gnutls offers rsa_pcks_sha1, but does not accept it

Philip Schaten philip at noerdcampus.de
Tue Jun 8 10:37:07 CEST 2021


Hi,
> 
> > - Using gnutls-cli, I try to establish a connection to the mail
> > server.
> > - From wireshark, I can see that gnutls offers rsa_pcks_sha1 as a
> > signature algorithm.
> 
> Do you see this behavior also with the DEFAULT policy?

Yes.
So, in brief:
DEFAULT policy is enabled.
GnuTLS proposes SHA1 as a signature algorithm during the TLS handshake.
Server chooses SHA1.
GnuTLS cancels because SHA1 is forbidden by the DEFAULT crypto-policy.
In the end, this leads to the Evolution mail client not working anymore.

Best
Philip

P.S.: I sent you the mailserver address privately, in case you want to
reproduce the problem.
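
The mismatch described in this message (a scheme offered in the ClientHello that the client later refuses) can be checked from a captured handshake. The following is an added example, not part of the original message and not GnuTLS code: it parses the signature_algorithms extension of a ClientHello body and lists schemes that are offered but not in an accepted set. The sample bytes are constructed, and ACCEPTED_BY_POLICY is a hypothetical stand-in, not the actual GnuTLS DEFAULT list.

```python
import struct

# IANA TLS SignatureScheme code points (RFC 8446, section 4.2.3), subset.
SCHEMES = {0x0201: "rsa_pkcs1_sha1", 0x0203: "ecdsa_sha1",
           0x0401: "rsa_pkcs1_sha256", 0x0403: "ecdsa_secp256r1_sha256",
           0x0804: "rsa_pss_rsae_sha256"}
SIG_ALGS_EXT = 13  # extension type of signature_algorithms

# Assumption: what the local policy will accept when verifying a signature.
ACCEPTED_BY_POLICY = {0x0401, 0x0403, 0x0804}


def offered_schemes(hello: bytes) -> list:
    """Return the SignatureScheme values in a ClientHello handshake body."""
    pos = 2 + 32                                         # legacy_version, random
    pos += 1 + hello[pos]                                # legacy_session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]   # cipher_suites
    pos += 1 + hello[pos]                                # compression_methods
    end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    if end > len(hello):
        raise ValueError("truncated extensions block")
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        pos += 4
        if ext_type == SIG_ALGS_EXT:
            (list_len,) = struct.unpack_from("!H", hello, pos)
            if list_len + 2 != ext_len or list_len % 2:
                raise ValueError("malformed signature_algorithms")
            return list(struct.unpack_from(f"!{list_len // 2}H", hello, pos + 2))
        pos += ext_len                                   # skip other extensions
    return []


def offered_but_rejected(hello: bytes, accepted=ACCEPTED_BY_POLICY) -> list:
    """Names of schemes the client advertises but would refuse to verify."""
    return [SCHEMES.get(s, hex(s)) for s in offered_schemes(hello) if s not in accepted]


def build_sample() -> bytes:
    """Constructed ClientHello body: renegotiation_info, then three schemes."""
    sig = struct.pack("!H3H", 6, 0x0401, 0x0804, 0x0201)
    exts = struct.pack("!HH", 0xFF01, 1) + b"\x00" + struct.pack("!HH", 13, len(sig)) + sig
    return (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", 2) + b"\x13\x01"
            + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)


if __name__ == "__main__":
    print(offered_but_rejected(build_sample()))
```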



