Hello, I'm trying to get optimal TLS privacy by first establishing an ANON-ECDH connection, and then renegotiating it into an authenticated connection, such as with an RSA certificate. This is only done when the application protocol allows it.

Without the ANON-ECDH precursor, the authenticated connection succeeds. Its cli+srv priority string is

NONE:+VERS-TLS-ALL:+VERS-DTLS-ALL:+COMP-NULL:+CIPHER-ALL:+CURVE-ALL:+SIGN-ALL:+MAC-ALL:-ANON-ECDH:+ECDHE-RSA:+DHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+RSA:+CTYPE-X.509:+CTYPE-OPENPGP:+SRP:+SRP-RSA:+SRP-DSS

The ANON-ECDH precursor also works (and moves straight on to renegotiation). Its cli+srv priority string is

NONE:+VERS-TLS-ALL:+VERS-DTLS-ALL:+COMP-NULL:+CIPHER-ALL:+CURVE-ALL:+SIGN-ALL:+MAC-ALL:+ANON-ECDH:+ECDHE-RSA:+DHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+RSA:+CTYPE-X.509:+CTYPE-OPENPGP:+SRP:+SRP-RSA:+SRP-DSS

After the ANON-ECDH precursor, the renegotiated / authenticated connection (with the former priority string) fails. It lists "Removing ciphersuite" for all ciphersuites (note that ANON-ECDH is not provided for any longer). The GnuTLS code for sending the ClientHello suggests that this is based on the KX supported by the certificate, which I imagine must refer to the pre-renegotiation (so ANON-ECDH) precursor certificate. No KX would match with that (lack of a) certificate, of course.

The result is GNUTLS_E_INSUFFICIENT_CRED and a breakdown of communication. IIRC.

I wonder if there is a way to have this "anonymous precursor" with GnuTLS, or that I am overlooking something?

I'm working with GnuTLS 3.2.21.

Thanks,
-Rick
