On Tue, Jul 01, 2025 at 01:13:36PM +0200, Peter Krempa wrote: > On Tue, Jul 01, 2025 at 11:38:37 +0100, Daniel P. Berrangé wrote: > > On Tue, Jul 01, 2025 at 10:59:06AM +0200, Peter Krempa wrote: > > > On Tue, Jul 01, 2025 at 09:49:57 +0100, Daniel P. Berrangé wrote: > > > > On Mon, Jun 30, 2025 at 07:25:05PM +0200, Peter Krempa via Devel wrote: > > > > > From: Peter Krempa <pkre...@redhat.com> > > > > > > > > > > Key encipherment is required only for RSA key exchange algorithm. With > > > > > TLS 1.3 this is not even used as RSA is used only for authentication. > > > > > > > > > > Since we can't really check when it's required ahead of time drop the > > > > > check completely. GnuTLS will moan if it will not be able to use RSA > > > > > key exchange. > > > > > > > > GNUTLS only reports problems at runtime, while the libvirt code is > > > > used at system startup. This greatly improves the debuggability of > > > > sysadmin config screwups, so we don't really want to delegate to > > > > GNUTLS for this. > > > > > > > > > In commit 11867b0224a2 I tried to relax the check for some eliptic > > > > > curve algorithm that explicitly forbid it. Based on the above the > > > > > proper > > > > > solution is to completely remove it. > > > > > > > > We need to invert the check - instead of excluding just ECDSA, we > > > > need to include only DSA and GHOST algorithms. > > > > > > Originally I did the same but then I read (and verified; see my > > > followup) that with TLS 1.3 the RSA key exchange algorithm isn't even > > > used so keyEncipherment capability isn't even needed. > > > > Ok, yeah, I've found that now too. > > > > If we're removing this entirely from the impl, we should also update > > the docs/kbase/tlscerts.rst. > > > > IIRC, we need to remove the 'encryption_key' flag to stop gnutls > > adding 'key encipherment' to DSA certs. > > I've found that removing the flag isn't necessary. gnutls just doesn't > use it with keys that don't support it. > > I've actually used my very old script built on the examples from the > above page and just added use of one of the fancy new "post quantum" > signature algorithms and it simply worked ven with "encryption_key" > being present in the 'info' file.
Yes, gnutls simply ignores the 'encryption_key' setting in most cases, but we should remove it from docs given that it is redundant & potentially misleading. > > > If you thing it's important to stay compatible in the pre-check also > > > with older protocols then I can keep it but to me it didn't make too > > > much sense. > > > > Yeah, TLS 1.3 is effectively the baseline for libvirt unless talking to > > very old systems, as gnutls will preferentially negotiate it, we only > > need care about libvirt clients. > > Based on this I guess we could drop it from the examples. I think that > it'd be much more beneficial to hint to better ciphers (but that'd also > effectively make it obsolete). We've generally assumed that gnutls will pick the best ciphers itself based on crypto priority config on the host. With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
