[gnutls-help] Fedora 34, One of the involved algorithms has insufficient security level
ueno at gnu.org
Mon May 17 10:19:35 CEST 2021
Philip Schaten <philip at noerdcampus.de> writes:
> After an upgrade to Fedora 34, gnutls-cli gives me a
> `*** Fatal error: One of the involved algorithms has insufficient
> security level.` when connecting to my university mail server.
> With `gnutls-cli --allow-broken`, connection works and I get this
> result `- Description: (TLS1.2-X.509)-(ECDHE-SECP256R1)-(RSA-SHA1)-
> Using `gnutls-cli -l` I can see that SHA1 in combination with tls1.2
> seems to be forbidden.
> Also, `gnutls-cli-debug` tells me it needs to disable TLS1.2 (why is
> Might this be the reason for the error/is there a way to find out?
> Is it a bug in gnutls or misconfiguration in the university mail
In Fedora, allowed algorithms are centrally managed through
crypto-policies, where SHA-1 is indeed disabled for digital signatures:
You could either downgrade the policy profile to LEGACY, with:
    sudo update-crypto-policies --set LEGACY
or create a custom crypto policy:
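
Added example, not part of the original thread or of either poster's message: a small shell helper that reads the `- Description:` value quoted in the question and reports whether the handshake signature uses SHA1 (or MD5), which is what the crypto policy rejects. The function names are hypothetical, and the field layout (version, key exchange, signature) is assumed from the string quoted above.

```sh
#!/bin/sh
# Added example (not from the original thread).
# Assumption: the layout is the one quoted in the message,
#   (version)-(key exchange)-(signature)-...
# Only descriptions with an ephemeral (ECDHE/DHE) key exchange are
# interpreted; any other shape is reported as "unknown" rather than guessed.

# Print the Nth parenthesised group of a description, or nothing if absent.
desc_group() {
    printf '%s\n' "$1" | awk -v n="$2" '{
        s = $0; i = 0
        while (match(s, /\([^()]*\)/)) {
            i++
            if (i == n) { print substr(s, RSTART + 1, RLENGTH - 2); exit }
            s = substr(s, RSTART + RLENGTH)
        }
    }'
}

# Print the signature algorithm, or "unknown" when the shape is not recognised.
sig_alg() {
    kx=$(desc_group "$1" 2)
    case "$kx" in
        ECDHE-*|DHE-*) ;;                 # ephemeral key exchange: signature follows
        *) echo unknown; return 0 ;;      # e.g. a MAC named SHA1 is not a signature
    esac
    sig=$(desc_group "$1" 3)
    if [ -n "$sig" ]; then echo "$sig"; else echo unknown; fi
}

# Print "weak" for SHA1/MD5 signature hashes, "ok" for others, else "unknown".
sig_verdict() {
    sig=$(sig_alg "$1")
    case "$sig" in
        unknown)      echo unknown ;;
        *-SHA1|*-MD5) echo weak ;;
        *)            echo ok ;;
    esac
}

# The description quoted in the message (cut off after the third group).
sig_verdict '(TLS1.2-X.509)-(ECDHE-SECP256R1)-(RSA-SHA1)-'
```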