On Tue, Jul 01, 2025 at 09:49:57 +0100, Daniel P. Berrangé wrote: > On Mon, Jun 30, 2025 at 07:25:05PM +0200, Peter Krempa via Devel wrote: > > From: Peter Krempa <pkre...@redhat.com> > > > > Key encipherment is required only for RSA key exchange algorithm. With > > TLS 1.3 this is not even used as RSA is used only for authentication. > > > > Since we can't really check when it's required ahead of time drop the > > check completely. GnuTLS will moan if it will not be able to use RSA > > key exchange. > > GNUTLS only reports problems at runtime, while the libvirt code is > used at system startup. This greatly improves the debuggability of > sysadmin config screwups, so we don't really want to delegate to > GNUTLS for this. > > > In commit 11867b0224a2 I tried to relax the check for some eliptic > > curve algorithm that explicitly forbid it. Based on the above the proper > > solution is to completely remove it. > > We need to invert the check - instead of excluding just ECDSA, we > need to include only DSA and GHOST algorithms.
Originally I did the same but then I read (and verified; see my followup) that with TLS 1.3 the RSA key exchange algorithm isn't even used so keyEncipherment capability isn't even needed. The pre-verification doesn't really allow us checking which protocol will be used. If you thing it's important to stay compatible in the pre-check also with older protocols then I can keep it but to me it didn't make too much sense.
