Re: gnutls claims a disabled algorithm was negotiated
From: brian m. carlson
Subject: Re: gnutls claims a disabled algorithm was negotiated
Date: Sat, 1 Sep 2012 17:32:04 +0000
User-agent: Mutt/1.5.21 (2010-09-15)
On Sat, Sep 01, 2012 at 10:31:55AM +0200, Nikos Mavrogiannopoulos wrote:
> Interesting case.
> > |<3>| HSK[0x188ae60]: Selected ECC curve SECP384R1 (3)
> > |<3>| HSK[0x188ae60]: verify handshake data: using ECDSA-SHA256
> > |<2>| ASSERT: gnutls_sig.c:365
>
> I suppose that your server's certificate has the SECP384R1 curve, is
> that right? In that case the server should have used the SHA-384 or
> SHA-512 hash algorithms (see
> http://tools.ietf.org/html/rfc5480#section-4 ). However your server used
> SHA-256 instead and that's why gnutls complains.
Yes, that is the case. I suppose this is a bug in OpenSSL?
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
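An added example, not part of the original message and not GnuTLS code: a small checker that reads debug lines in the format quoted above and flags handshakes where the ECDSA digest is smaller than the RFC 5480 section 4 minimum for the curve. It assumes, as the quoted reply supposes, that the "Selected ECC curve" line matches the certificate key's curve; the function names, the name-to-size tables and the second handshake in the sample are constructed for illustration.

```python
import re

# Field sizes in bits for curve names as they appear in the log (illustrative subset).
CURVE_BITS = {"SECP192R1": 192, "SECP224R1": 224, "SECP256R1": 256,
              "SECP384R1": 384, "SECP521R1": 521}
HASH_BITS = {"SHA1": 160, "SHA224": 224, "SHA256": 256, "SHA384": 384, "SHA512": 512}

# RFC 5480 section 4 key-size bands: each lower bound is also the smallest
# digest output (in bits) listed for keys in that band.
BANDS = (512, 384, 256, 224, 160)

CURVE_RE = re.compile(r"HSK\[(0x[0-9a-f]+)\]: Selected ECC curve (\w+)")
SIG_RE = re.compile(r"HSK\[(0x[0-9a-f]+)\]: verify handshake data: using ECDSA-(SHA\d+)")

def min_hash_bits(curve_bits):
    """Smallest digest size RFC 5480 section 4 lists for a key of this size."""
    for bound in BANDS:
        if curve_bits >= bound:
            return bound
    return None  # keys under 160 bits are outside the table

def find_mismatches(lines):
    """Return (handshake, curve, digest, required_bits) for undersized digests."""
    curves, findings = {}, []
    for line in lines:
        m = CURVE_RE.search(line)
        if m:
            curves[m.group(1)] = m.group(2)  # remember the curve per handshake
            continue
        m = SIG_RE.search(line)
        if not m or m.group(1) not in curves:
            continue
        curve, digest = curves[m.group(1)], m.group(2)
        need = min_hash_bits(CURVE_BITS.get(curve, 0))
        have = HASH_BITS.get(digest)
        if need is not None and have is not None and have < need:
            findings.append((m.group(1), curve, digest, need))
    return findings

# First two lines are the ones quoted in the thread; the 0x2000000
# handshake is constructed as a compliant comparison case.
SAMPLE = [
    "|<3>| HSK[0x188ae60]: Selected ECC curve SECP384R1 (3)",
    "|<3>| HSK[0x188ae60]: verify handshake data: using ECDSA-SHA256",
    "|<3>| HSK[0x2000000]: Selected ECC curve SECP256R1 (2)",
    "|<3>| HSK[0x2000000]: verify handshake data: using ECDSA-SHA256",
]

if __name__ == "__main__":
    for hsk, curve, digest, need in find_mismatches(SAMPLE):
        print(f"{hsk}: {curve} signed with {digest}, needs at least SHA-{need}")
```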