On Wednesday 30 March 2005 21:01, Andreas Thienemann wrote:

> > This only works with plain RSA cipher suites. That means that your server
> > MUST NOT use DHE_RSA, which is a signing ciphersuite.
> Off the top of my head I can't think of a good reason to use DHE_RSA for
> an SSL server as it doesn't have to sign anything, right?
> So disabling it wouldn't pose a problem.

In DHE_RSA the RSA certificate is used to sign a Diffie-Hellman key exchange. This offers perfect forward secrecy, which means that if the certificate is compromised at a future date, the old session data are still safe. This property is not available in the plain RSA ciphersuite.

Other than that, and given that all clients support plain RSA, it shouldn't pose a problem.

> Is it really a good idea to be more strict here than e.g. openssl?
> Because I do know of several servers which do have this problem when being
> used by clients which are linked against gnutls.

Well, it would be useless for a certificate to have the key usage bits set when nobody actually checks them. If you use them, it's probably because you want to limit the key's scope, and gnutls is just enforcing it. If you don't want these checks, you shouldn't put such extensions in your certificates.

> bye,
> andreas

--
Nikos Mavrogiannopoulos

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
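The key usage check discussed in this thread, as an added example that is not part of the original message and is not GnuTLS code: it decodes the DER BIT STRING of a certificate's keyUsage extension and decides whether plain RSA (which needs keyEncipherment) or DHE_RSA (which needs digitalSignature) may use the key. The enum, function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 5280 KeyUsage: bit 0 is the most significant bit of the first byte. */
#define KU_DIGITAL_SIGNATURE 0x80u
#define KU_KEY_ENCIPHERMENT  0x20u

enum kx { KX_RSA, KX_DHE_RSA };  /* hypothetical names for this example */

/* Constructed sample keyUsage values: tag 0x03, length, unused bits, data. */
static const uint8_t enc_only[] = {0x03, 0x02, 0x05, 0x20}; /* keyEncipherment */
static const uint8_t sig_only[] = {0x03, 0x02, 0x07, 0x80}; /* digitalSignature */
static const uint8_t both[]     = {0x03, 0x02, 0x05, 0xA0}; /* both bits set */

/* Decode the BIT STRING; returns 0 and the first usage byte, or -1 if malformed. */
static int parse_key_usage(const uint8_t *der, size_t len, uint8_t *bits)
{
    if (len < 4 || len > 5 || der[0] != 0x03)   /* BIT STRING, 1..2 data bytes */
        return -1;
    if ((size_t)der[1] + 2 != len || der[2] > 7) /* length and unused-bit count */
        return -1;
    if (der[len - 1] & ((1u << der[2]) - 1))     /* DER: unused bits must be 0 */
        return -1;
    *bits = der[3];
    return 0;
}

/* 1 = key may be used with this key exchange, 0 = refuse, -1 = bad extension.
 * der == NULL models a certificate without keyUsage: no restriction applies. */
static int kx_allowed(enum kx kx, const uint8_t *der, size_t len)
{
    uint8_t bits;
    if (der == NULL)
        return 1;
    if (parse_key_usage(der, len, &bits) != 0)
        return -1;
    /* Plain RSA decrypts the premaster secret; DHE_RSA signs the DH parameters. */
    return (bits & (kx == KX_RSA ? KU_KEY_ENCIPHERMENT : KU_DIGITAL_SIGNATURE)) != 0;
}

int main(void)
{
    printf("encipher-only cert: RSA=%d DHE_RSA=%d\n",
           kx_allowed(KX_RSA, enc_only, sizeof enc_only),
           kx_allowed(KX_DHE_RSA, enc_only, sizeof enc_only));
    printf("both bits set:      RSA=%d DHE_RSA=%d\n",
           kx_allowed(KX_RSA, both, sizeof both),
           kx_allowed(KX_DHE_RSA, both, sizeof both));
    return 0;
}
```

A certificate restricted to keyEncipherment is refused for DHE_RSA by a strict checker, which is the behaviour the thread describes; a certificate with no keyUsage extension passes for both.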
