[Help-gnutls] Re: Key usage violation in certificate
From: Roland Winkler
Subject: [Help-gnutls] Re: Key usage violation in certificate
Date: Mon, 1 Jun 2009 17:46:37 +0200

On Mon Jun 1 2009 Simon Josefsson wrote:
> Yes. They can choose between:
>
> 1) Disable DHE ciphersuite, because their certificate doesn't permit
> those.
>
> 2) Re-generate the certificate and add the sign key usage, which allows
> use of the certificate together with DHE.
>
> > Is it a part of the communication protocol between server and client
> > that the server should tell the client the allowed usage of its
> > certificate? I mean, the server knows the allowed usage of its
> > certificate. So I would guess that in an ideal world (that we don't
> > have...) no extra configuration of the server was necessary.
>
> Right. The server software could also detect that the certificate does
> not support signing, and then disable all DHE/EXPORT ciphersuites.
Thanks for the clarifications!
Roland
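
The server-side check suggested in the quoted reply, sketched as an added example (not code from this thread or from GnuTLS): decode the certificate's keyUsage bits and offer only the key exchanges they permit. The function names, the suite list and the sample extension bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* KeyUsage bits (RFC 5280); bit 0 is the MSB of the first content byte. */
enum { KU_DIGITAL_SIGNATURE = 0x80, KU_KEY_ENCIPHERMENT = 0x20, KU_ABSENT = 0xFF };
enum kx { KX_RSA, KX_DHE_RSA, KX_RSA_EXPORT };
struct suite { const char *name; enum kx kx; };

static const struct suite SUITES[] = {   /* constructed sample list */
    { "TLS_RSA_WITH_AES_128_CBC_SHA",     KX_RSA },
    { "TLS_DHE_RSA_WITH_AES_128_CBC_SHA", KX_DHE_RSA },
    { "TLS_RSA_EXPORT_WITH_RC4_40_MD5",   KX_RSA_EXPORT },
};
#define NSUITES (sizeof SUITES / sizeof SUITES[0])

/* Decode the DER BIT STRING carried in the keyUsage extension. der == NULL
 * means the extension is absent (no restriction). Returns -1 if malformed. */
int key_usage_bits(const uint8_t *der, size_t len)
{
    if (der == NULL) return KU_ABSENT;
    if (len < 4 || len > 5 || der[0] != 0x03 || (size_t)der[1] != len - 2) return -1;
    if (der[2] > 7 || (der[len - 1] & ((1u << der[2]) - 1))) return -1; /* bad padding */
    return der[3];
}

/* DHE and EXPORT need the signing bit (as stated in the thread); plain RSA
 * key exchange needs keyEncipherment (RFC 5246, section 7.4.2). */
int suite_allowed(int ku, enum kx kx)
{
    if (ku < 0) return 0;                 /* malformed extension: offer nothing */
    return (ku & (kx == KX_RSA ? KU_KEY_ENCIPHERMENT : KU_DIGITAL_SIGNATURE)) != 0;
}

/* Bit i of the result is set when SUITES[i] may be offered with this certificate. */
unsigned allowed_mask(const uint8_t *der, size_t len)
{
    unsigned mask = 0;
    for (size_t i = 0; i < NSUITES; i++)
        if (suite_allowed(key_usage_bits(der, len), SUITES[i].kx)) mask |= 1u << i;
    return mask;
}

int main(void)
{
    const uint8_t enc_only[] = { 0x03, 0x02, 0x05, 0x20 }; /* constructed: keyEncipherment only */
    unsigned m = allowed_mask(enc_only, sizeof enc_only);
    for (size_t i = 0; i < NSUITES; i++)
        printf("%-34s %s\n", SUITES[i].name, ((m >> i) & 1) ? "offer" : "disable");
    return 0;
}
```

With the keyEncipherment-only sample, only the plain RSA suite stays enabled, which matches option 1 in the quoted reply.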