Philip Schaten <phi...@noerdcampus.de> writes:

>> > - Using gnutls-cli, I try to establish a connection to the mail
>> > server.
>> > - From wireshark, I can see that gnutls offers rsa_pcks_sha1 as a
>> > signature algorithm.
>> 
>> Do you see this behavior also with the DEFAULT policy?
>
> yes.
> So, in brief:
> DEFAULT policy is enabled.
> GnuTLS proposes SHA1 as a signature algorithm during TLS Handshake.
> Server chooses SHA1.
> GnuTLS cancels because SHA1 is forbidden by DEFAULT crypto-policy.
> In the end, this leads to evolution mailclient not working anymore.

Thank you; that indeed seems like a bug in GnuTLS itself.  I've filed an
MR to fix it:
https://gitlab.com/gnutls/gnutls/-/merge_requests/1447

Regards,
-- 
Daiki Ueno

_______________________________________________
Gnutls-help mailing list
Gnutls-help@lists.gnutls.org
http://lists.gnupg.org/mailman/listinfo/gnutls-help

Reply via email to