Philip Schaten <phi...@noerdcampus.de> writes: >> > - Using gnutls-cli, I try to establish a connection to the mail >> > server. >> > - From wireshark, I can see that gnutls offers rsa_pcks_sha1 as a >> > signature algorithm. >> >> Do you see this behavior also with the DEFAULT policy? > > yes. > So, in brief: > DEFAULT policy is enabled. > GnuTLS proposes SHA1 as a signature algorithm during TLS Handshake. > Server chooses SHA1. > GnuTLS cancels because SHA1 is forbidden by DEFAULT crypto-policy. > In the end, this leads to evolution mailclient not working anymore.
Thank you; that indeed seems like a bug in GnuTLS itself. I've filed an MR to fix it: https://gitlab.com/gnutls/gnutls/-/merge_requests/1447 Regards, -- Daiki Ueno _______________________________________________ Gnutls-help mailing list Gnutls-help@lists.gnutls.org http://lists.gnupg.org/mailman/listinfo/gnutls-help