RHEL-75476

GnuTLS rejects RSA key exchange too late


    • Bug
    • Resolution: Unresolved
    • Minor
    • rhel-10.0
    • gnutls
    • Low
    • rhel-security-crypto-spades

      When GnuTLS is executed with DEFAULT policy and the following parameters:

      gnutls-serv --priority NORMAL:-VERS-ALL:+VERS-TLS1.2:%NO_TICKETS_TLS12 --port 4433 --http --x509cafile ca/cert.pem --x509keyfile server/key.pem --x509certfile server/cert.pem
      

      attempts at negotiating ciphersuites with RSA key exchange are rejected with a bad_record_mac Alert, both with openssl and tlsfuzzer, late in the handshake: after receiving the Client Key Exchange message.

      If GnuTLS cannot negotiate RSA key exchange, it should reject a ClientHello advertising just RSA key exchanges with a handshake_failure instead of sending a ServerHello.

      Affects:
      gnutls-3.8.8-1.el10.x86_64
      crypto-policies-20241128-1.git0dd441c.el10.noarch

              dueno@redhat.com Daiki Ueno
              hkario@redhat.com Alicja Kario
              Daiki Ueno
              Alexander Sosedkin
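Added example, not part of the original report and not code from GnuTLS or tlsfuzzer: a check that classifies a server's reply to a ClientHello as rejecting before or after ServerHello, which is the distinction the report draws. The function names and byte transcripts are constructed for illustration, and the alert is assumed to arrive as a plaintext record.

```python
import struct

# IANA IDs of TLS 1.2 suites that use static RSA key exchange (subset).
RSA_KX_SUITES = {0x002F, 0x0035, 0x003C, 0x003D, 0x009C, 0x009D}
ALERT, HANDSHAKE = 21, 22            # record content types
SERVER_HELLO = 2                     # handshake message type
ALERT_NAMES = {20: "bad_record_mac", 40: "handshake_failure"}

def records(data):
    """Yield (content_type, payload) for each TLS record in a byte string."""
    off = 0
    while off < len(data):
        if len(data) - off < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", data, off)
        payload = data[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        yield ctype, payload
        off += 5 + length

def classify(server_bytes):
    """Return (verdict, alert_name) for the bytes a server sent back."""
    saw_server_hello = False
    for ctype, payload in records(server_bytes):
        if ctype == HANDSHAKE and payload[:1] == bytes([SERVER_HELLO]):
            saw_server_hello = True
        elif ctype == ALERT and len(payload) == 2:
            name = ALERT_NAMES.get(payload[1], f"alert_{payload[1]}")
            return ("late-rejection" if saw_server_hello else "early-rejection"), name
    return ("negotiated" if saw_server_hello else "no-reply"), None

def shows_reported_behaviour(offered_suites, server_bytes):
    """True when an RSA-only offer got a ServerHello before being rejected."""
    rsa_only = bool(offered_suites) and set(offered_suites) <= RSA_KX_SUITES
    return rsa_only and classify(server_bytes)[0] == "late-rejection"

def record(ctype, payload):
    """Build one plaintext TLS 1.2 record (for the constructed samples only)."""
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

# Constructed transcripts; the ServerHello body is a zero-filled placeholder.
server_hello = record(HANDSHAKE, bytes([SERVER_HELLO]) + (38).to_bytes(3, "big") + bytes(38))
LATE = server_hello + record(ALERT, bytes([2, 20]))   # ServerHello, then fatal alert
EARLY = record(ALERT, bytes([2, 40]))                 # fatal alert straight away
```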