[gnutls-help] gnutls offers rsa_pcks_sha1, but does not accept it
Daiki Ueno
ueno at gnu.org
Fri Jun 11 15:26:59 CEST 2021
Philip Schaten <philip at noerdcampus.de> writes:
>> > - Using gnutls-cli, I try to establish a connection to the mail
>> > server.
>> > - From wireshark, I can see that gnutls offers rsa_pcks_sha1 as a
>> > signature algorithm.
>>
>> Do you see this behavior also with the DEFAULT policy?
>
> yes.
> So, in brief:
> DEFAULT policy is enabled.
> GnuTLS proposes SHA1 as a signature algorithm during TLS Handshake.
> Server chooses SHA1.
> GnuTLS cancels because SHA1 is forbidden by DEFAULT crypto-policy.
> In the end, this leads to evolution mailclient not working anymore.
Thank you; that indeed seems like a bug in GnuTLS itself. I've filed an
MR to fix it:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1447
Regards,
--
Daiki Ueno
More information about the Gnutls-help
mailing list