Bug#708174: gnutls26: with priority SECURE128 fails to negotiate a cipher suite with itself

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue May 14 01:21:59 UTC 2013 

On 05/13/2013 01:28 PM, Roger Lynn wrote:
> Source: gnutls26
> Version: 2.12.20-6
> Severity: normal
> 
> Running
> gnutls-serv -d 255 -p 1234 --x509certfile /etc/ssl/certs/rilynn.pem --x509keyfile /etc/ssl/private/rilynn.key
> and
> gnutls-cli -d 255 -p 1234 --priority SECURE128 rilynn.me.uk
> on the same box fails to negotiate a cipher suite. A priority string of
> NORMAL appears to work.

Hm, i'm not able to replicate this, using gnutls-bin
3.0.22-3+really2.12.20-6 (the version currently in wheezy/jessie/sid,
which i think is the same version as the source package version
mentioned above.

is it possible that your test is not connecting to the system you're
testing?

here's how i ran my test:

 certtool -p > x.key
 echo 'cn=127.0.0.1' > template.cfg
 certtool -s --load-privkey x.key > x.cert --template template.cfg
 gnutls-serv -d 255 -p 1234 --x509certfile x.cert --x509keyfile x.key

and then in another terminal:

 gnutls-cli -d 255 -p 1234 --x509cafile x.cert --priority SECURE128
127.0.0.1

And the connection succeeded, selecting the following parameters:

- Version: TLS1.2
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA256
- Compression: NULL

> Using a priority string of SECURE128 for outgoing SMTP connections in Debian
> exim also fails between two Wheezy boxes, which is how I noticed the problem
> in the first place.

hmm, this seems particularly worrisome!  I will try to set this up and
test it.  what sort of failure are you seeing specifically? can you
share (the relevant parts of) your configurations that show this error?

> Also, gnutls appears to prefer to use the weakest available cipher instead of
> the strongest, which seems a bit odd.

This also sounds worrisome, but it might be due to a misinterpretation
of how the priority string is supposed to work.  --priority SECURE128 in
gnutls26 appears to mean *only* the ciphersuites with 128-bit ciphers,
not those ciphers and above.

compare gnutls-cli(1)'s description of SECURE128 from
gnutls-bin/3.0.22-3+really2.12.20-6:

 ECURE128 flag enables all "secure" ciphersuites with ciphers up
              to 128 bits, sorted by security margin.

and the documentation shipped by gnutls-doc/3.* here:

 file:///usr/share/doc/gnutls-doc/html/gnutls.html#Priority-Strings

i note that there is no gnutls-doc/*really2.12.20-6 package in wheezy
to compare with :/  That seems like it might make debugging or writing
code that targets gnutls26 a serious challenge.

Maybe this documentation update is something that we need to rectify in
a point release?

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20130513/81e4914d/attachment.pgp>

More information about the Pkg-gnutls-maint mailing list