Bug#708174: gnutls26: with priority SECURE128 fails to negotiate a cipher suite with itself

Roger Lynn Roger at rilynn.me.uk
Sun Jun 2 23:15:17 UTC 2013


Package: gnutls-bin
Version: 3.0.22-3+really2.12.20-7
Followup-For: Bug #708174

Hi,

I am testing on two machines, an old Pentium 3 system from which I originally
reported this bug and a new Xeon system from which I am sending this, both
running up to date Wheezy. I get the same results on both.

On 14/05/13 02:21, Daniel Kahn Gillmor wrote:
> On 05/13/2013 01:28 PM, Roger Lynn wrote:
>> Source: gnutls26
>> Version: 2.12.20-6
>> Severity: normal
>> 
>> Running
>> gnutls-serv -d 255 -p 1234 --x509certfile /etc/ssl/certs/rilynn.pem --x509keyfile /etc/ssl/private/rilynn.key
>> and
>> gnutls-cli -d 255 -p 1234 --priority SECURE128 rilynn.me.uk
>> on the same box fails to negotiate a cipher suite. A priority string of
>> NORMAL appears to work.
> 
> Hm, i'm not able to replicate this, using gnutls-bin
> 3.0.22-3+really2.12.20-6 (the version currently in wheezy/jessie/sid,
> which i think is the same version as the source package version
> mentioned above).

Sorry for the confusion, this message includes the details of the gnutls-bin
that I'm using.

> is it possible that your test is not connecting to the system you're
> testing?

I don't think so.

> here's how i ran my test:
> 
>  certtool -p > x.key
>  echo 'cn=127.0.0.1' > template.cfg
>  certtool -s --load-privkey x.key > x.cert --template template.cfg
>  gnutls-serv -d 255 -p 1234 --x509certfile x.cert --x509keyfile x.key
> 
> and then in another terminal:
> 
>  gnutls-cli -d 255 -p 1234 --x509cafile x.cert --priority SECURE128 127.0.0.1
> 
> And the connection succeeded, selecting the following parameters:
> 
> - Version: TLS1.2
> - Key Exchange: DHE-RSA
> - Cipher: AES-128-CBC
> - MAC: SHA256
> - Compression: NULL

That works for me, which suggests (to me at least) that this might have
something to do with the keys or certificates. I have tested with two, both
created with OpenSSL and signed by CAcert. The newer one was created on 11 Oct
2012 on up to date Wheezy with the script at
http://svn.cacert.org/CAcert/Software/CSRGenerator/csr

>> Using a priority string of SECURE128 for outgoing SMTP connections in Debian
>> exim also fails between two Wheezy boxes, which is how I noticed the problem
>> in the first place.
> 
> hmm, this seems particularly worrisome!  I will try to set this up and
> test it.  what sort of failure are you seeing specifically? can you
> share (the relevant parts of) your configurations that show this error?

On the sending end I get the universal gnutls error message:
TLS error on connection to mail.fundamentalsltd.co.uk [217.169.26.194] (gnutls_handshake): A TLS packet with unexpected length was received.

/etc/exim4/conf.d/transport/30_exim4-config_remote_smtp has had the following
added:
tls_require_ciphers = SECURE128

On the receiving end I get:
TLS error on connection from rilynn.me.uk [90.155.73.34] (gnutls_handshake): Could not negotiate a supported cipher suite.

/etc/exim4/conf.d/main/00_local_options contains:
MAIN_TLS_ENABLE = defined
MAIN_TLS_CERTIFICATE = /etc/ssl/certs/mail_server.pem
MAIN_TLS_PRIVATEKEY = /etc/exim4/mail_privatekey.pem

>> Also, gnutls appears to prefer to use the weakest available cipher instead of
>> the strongest, which seems a bit odd.
> 
> This also sounds worrisome, but it might be due to a misinterpretation
> of how the priority string is supposed to work.  --priority SECURE128 in
> gnutls26 appears to mean *only* the ciphersuites with 128-bit ciphers,
> not those ciphers and above.

This seems counter-intuitive, as the expected action would be to select a
minimum cipher length, which is what is suggested at 
http://www.gnutls.org/manual/html_node/Priority-Strings.html
However that presumably applies to a newer version of the software.
What is the correct way to exclude weaker ciphers?

> i note that there is no gnutls-doc/*really2.12.20-6 package in wheezy
> to compare with :/  That seems like it might make debugging or writing
> code that targets gnutls26 a serious challenge.

Is gnutls26-doc what you are looking for?

Thanks for looking into this,

Roger

-- System Information:
Debian Release: 7.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages gnutls-bin depends on:
ii  libc6         2.13-38
ii  libgcrypt11   1.5.0-5
ii  libgnutls26   2.12.20-7
ii  libp11-kit0   0.12-3
ii  libreadline6  6.2+dfsg-0.1
ii  libtasn1-3    2.13-2
ii  zlib1g        1:1.2.7.dfsg-13

gnutls-bin recommends no packages.

gnutls-bin suggests no packages.

-- no debconf information
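
An added example, not part of the original message: a shell helper that runs the thread's gnutls-cli test once per priority string and reduces each run to the negotiated version, key exchange, cipher and MAC, so NORMAL and SECURE128 can be compared side by side against the same server and certificate. The function names are hypothetical; only the flags and output lines that appear in the thread are used.

```shell
#!/bin/sh
# Added example; summarize_handshake, sample_success and compare_priorities
# are hypothetical names, not part of gnutls or the thread.

# Reduce gnutls-cli output on stdin to "version kx cipher mac", using the
# "- Field: value" lines quoted in the thread. No "- Cipher:" line means
# the handshake never completed.
summarize_handshake() {
    awk -F': ' '
        /^- Version: /      { v = $2 }
        /^- Key Exchange: / { k = $2 }
        /^- Cipher: /       { c = $2 }
        /^- MAC: /          { m = $2 }
        END {
            if (c == "") print "no cipher suite negotiated"
            else printf "%s %s %s %s\n", v, k, c, m
        }'
}

# Session parameters as quoted in the thread, kept here as sample input.
sample_success() {
    cat <<'EOF'
- Version: TLS1.2
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA256
- Compression: NULL
EOF
}

# compare_priorities HOST PORT CAFILE PRIORITY...
# One handshake per priority string; stdin is /dev/null so the client
# does not wait for interactive input.
compare_priorities() {
    host=$1; port=$2; cafile=$3
    shift 3
    for prio in "$@"; do
        result=$(gnutls-cli -p "$port" --x509cafile "$cafile" \
                     --priority "$prio" "$host" </dev/null 2>&1 | summarize_handshake)
        printf '%-12s %s\n' "$prio" "$result"
    done
}

# Runs only when arguments are given, e.g.:
#   sh compare.sh 127.0.0.1 1234 x.cert NORMAL SECURE128
if [ "$#" -ge 4 ]; then compare_priorities "$@"; fi
```

Running it once with the self-signed test certificate and once with the CA-signed one shows whether the failure follows the certificate or the priority string.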


