[sr #107623] Priority string "SECURITY256" seemingly no longer supports
From: anonymous
Subject: [sr #107623] Priority string "SECURITY256" seemingly no longer supports DSA keys
Date: Sun, 13 Mar 2011 14:53:22 +0000
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20110107 Iceweasel/3.5.16 (like Firefox/3.5.16)
URL:
<http://savannah.gnu.org/support/?107623>
Summary: Priority string "SECURITY256" seemingly no longer
supports DSA keys
Project: GnuTLS
Submitted by: None
Submitted on: Sun 13 Mar 2011 14:53:21
Category: None
Priority: 5 - Normal
Severity: 4 - Important
Status: None
Privacy: Public
Assigned to: None
Originator Email: address@hidden
Open/Closed: Open
Discussion Lock: Any
Operating System: GNU/Linux
_______________________________________________________
Details:
If DSA keys are used, the priority string "SECURE256" no longer yields a
successful handshake. Steps to reproduce:
########
mkdir /tmp/keydir
cat > /tmp/keydir/batch <<EOF
Key-Type: DSA
Key-Length: 2048
Subkey-Type: ELG-E
Subkey-Length: 2048
Name-Real: localhost
Expire-Date: 0
%commit
EOF
gpg --quiet --batch --no-tty --no-options --enable-dsa2 --homedir /tmp/keydir \
    --trust-model always --gen-key /tmp/keydir/batch
gpg --quiet --batch --no-tty --no-options --enable-dsa2 --homedir /tmp/keydir \
    --armor --export-options export-minimal --comment "Test key for GnuTLS" \
    --output /tmp/keydir/seckey.txt --export-secret-keys
gpg --quiet --batch --no-tty --no-options --enable-dsa2 --homedir /tmp/keydir \
    --armor --export-options export-minimal --comment "Test key for GnuTLS" \
    --output /tmp/keydir/pubkey.txt --export
gnutls-serv --priority 'SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP' \
    --pgpkeyfile /tmp/keydir/seckey.txt --pgpcertfile /tmp/keydir/pubkey.txt \
    --port 5556
# Now, in another terminal, run this:
gnutls-cli --insecure --priority 'SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP' \
    --port 5556 localhost
########
The server produces these error messages:
Error in handshake
Error: An unknown public key algorithm was encountered.
This used to work in GnuTLS 2.8.6. If I change the SECURE256 to SECURE128 (on
both server and client) it works, and also if I add ":!VERS-TLS1.2". However
both of those "solutions" feel suboptimal.
/Teddy Hogeborn
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/support/?107623>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/