On Mon, Nov 9, 2015 at 11:29 PM, Rick van Rein <[email protected]> wrote: > Hello, > > I'm trying to get optimal TLS privacy by first establishing an ANON-ECDH > connection, and then renegotiate it into an authenticated connection, > such as with an RSA certificate. This is only done when the application > protocol allows it. > > Without the ANON-ECDH precursor, the authenticated connection succeeds. > Its cli+srv priority string is > NONE:+VERS-TLS-ALL:+VERS-DTLS-ALL:+COMP-NULL:+CIPHER-ALL:+CURVE-ALL:+SIGN-ALL:+MAC-ALL:-ANON-ECDH:+ECDHE-RSA:+DHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+RSA:+CTYPE-X.509:+CTYPE-OPENPGP:+SRP:+SRP-RSA:+SRP-DSS > > The ANON-ECDH precursor also works (and moves straight on to > renegotiation). Its cli+srv priority string is > NONE:+VERS-TLS-ALL:+VERS-DTLS-ALL:+COMP-NULL:+CIPHER-ALL:+CURVE-ALL:+SIGN-ALL:+MAC-ALL:+ANON-ECDH:+ECDHE-RSA:+DHE-RSA:+ECDHE-ECDSA:+DHE-DSS:+RSA:+CTYPE-X.509:+CTYPE-OPENPGP:+SRP:+SRP-RSA:+SRP-DSS > After the ANON-ECDH precursor, the renegotiated / authenticated > connection (with the former priority string) fails. It lists "Removing > ciphersuite" for all ciphersuites (note that ANON-ECDH is not provided > for any longer). The GnuTLS code for sending the ClientHello suggests > that this is based on the KX supported by the certificate, which I > imagine must refer to the pre-renegotiation (so ANON-ECDH) precursor > certificate. No KX would match with that (lack of a) certificate, of > course. The result is GNUTLS_E_INSUFFICIENT_CRED and a breakdown of > communication. IIRC.
You need to set different "credentials" for anonymous and certificate authentication. Did you set both of them or only for anonymous? regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
