help-gnutls
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

gnutls 2.10 won't negotiate TLS 1.2 if priority is set to "SECURE256"

From: Sam Varshavchik
Subject: gnutls 2.10 won't negotiate TLS 1.2 if priority is set to "SECURE256"
Date: Thu, 26 May 2011 11:56:03 -0400 
I rebuilt a client/server against gnutls 2.10, from 2.8 before.
I give "SECURE256:-CTYPE-OPENPGP" to gnutls_priority_set_direct() on both the client and the server side.
After updating to 2.10, TLS negotiation fails a GNUTLS_E_UNSUPPORTED_SIGNATURE_ALGORITHM.
Stumbling my way through the debugger, and stepping through, I see that both sides are going for TLS 1.2. 

Adding "-VERS-TLS1.2" to the priority string gets everything working.
I'm wondering what I'm missing. I was using RSA-SHA1 certs. I regenerated them as RSA-SHA256 certs, that still doesn't work. I generate my own certs, here's how one looks like: 


X.509 Certificate Information:
        Version: 3
        Serial Number (hex): 01
        Issuer: O=libx library,OU=GnuTLS wrapper,CN=example.com
        Validity:
                Not Before: Thu May 26 15:51:45 UTC 2011
                Not After: Fri Jun 29 15:51:45 UTC 2012
        Subject: O=libx library,OU=GnuTLS wrapper,CN=example.com
        Subject Public Key Algorithm: RSA
                Modulus (bits 1024):
                        bd:76:c7:26:19:46:5c:a4:99:ed:12:8a:ef:3d:f6:8b
                        16:26:c7:33:fd:09:b2:05:5a:ae:af:eb:e4:37:39:c6
                        69:76:5a:aa:ac:6a:5b:3b:8a:02:c4:a8:13:31:e1:f7
                        e0:fd:34:c8:87:f4:e7:82:ef:f5:52:34:fe:46:14:56
                        d6:da:4c:43:61:be:50:67:0a:20:c6:ac:eb:ef:2f:32
                        c6:9a:74:aa:22:cb:75:8e:ce:a3:77:c4:23:f4:71:e8
                        37:1e:6e:ab:16:43:ad:94:17:34:8d:58:5e:9a:87:23
                        54:27:41:32:ec:d4:4a:4a:e9:b0:45:8a:81:e7:b9:69
                Exponent (bits 24):
                        01:00:01
        Extensions:
                Basic Constraints (critical):
                        Certificate Authority (CA): TRUE
                Key Usage (critical):
                        Digital signature.
                        Non repudiation.
                        Key encipherment.
                        Key agreement.
                        Certificate signing.
                        CRL signing.
                Key Purpose (not critical):
                        TLS WWW Server.
                        Code signing.
                        Email protection.
                Subject Alternative Name (not critical):
                        DNSname: example.com
                Subject Key Identifier (not critical):
                        06b4ea4797850dd103c88f17f291ca5be54f424b
        Signature Algorithm: RSA-SHA512
        Signature:
                6b:a8:93:2a:ad:b3:6b:82:fb:d8:7f:fa:24:06:b5:63
                c5:0c:bb:23:90:92:59:9b:d7:9c:0c:d4:83:20:76:af
                fe:18:3e:d1:af:1b:60:d1:b7:ac:0e:85:e8:46:35:8a
                74:e3:83:b5:06:d5:6c:82:2c:be:d6:7d:a4:fe:e2:4e
                4c:f8:ee:68:fd:a8:55:46:85:48:2e:12:39:d8:e8:6a
                66:be:f6:f9:9a:87:bf:98:a5:11:27:24:28:0c:92:ad
                ea:11:62:7c:d2:74:cf:64:c9:10:b4:60:9c:77:28:86
                20:fc:be:90:8f:db:a8:84:06:53:2a:c4:e1:20:17:9c
Other Information:
        MD5 fingerprint:
                0a805cfad3c2d7355c2b9496833997ce
        SHA-1 fingerprint:
                9cac002d6bd19cd855d46d89ae46b55d2f4df24a
        Public Key Id:
                06b4ea4797850dd103c88f17f291ca5be54f424b
reply via email to
[Prev in Thread] Current Thread [Next in Thread]