Bug
Resolution: Unresolved
Normal
rhel-10.1
Moderate
rhel-security-crypto-spades
ssg_security
When a GnuTLS server receives a connection from a client that advertises modified lists of groups and key shares, the behaviour of the server is not consistent:
(* - means that the group was also sent in the key_share)
*X25519MLKEM768:SECP256R1MLKEM768 = X25519MLKEM768 (GOOD)
X25519MLKEM768:*SECP256R1MLKEM768 = X25519MLKEM768 (not good: not using a sent key_share)
X25519MLKEM768:*SECP256R1MLKEM768:X25519:P-256:P-384 = X25519 (BAD: not hybrid)
*X25519MLKEM768:*SECP256R1MLKEM768:X25519:*P-256:P-384 = X25519 (BAD: not hybrid)
*X25519MLKEM768:SECP256R1MLKEM768:*P-256:P-384 = P-256 (BAD: not hybrid)
*SECP256R1MLKEM768:*P-256:P-384 = P-256 (BAD: not hybrid)
*SECP256R1MLKEM768:P-256:P-384 = P-256 (BAD: not hybrid and not key_share)
*X25519MLKEM768:SecP256r1MLKEM768:SecP384r1MLKEM1024:X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 = X25519MLKEM768 (GOOD: why?)
*X25519MLKEM768:SecP256r1MLKEM768:SecP384r1MLKEM1024:X25519:secp256r1:X448:secp521r1:secp384r1 = X25519 (BAD: not hybrid, but the difference was just omitting FFDHE)
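A small regression checker for the notation used in the list above, added here as an example; it is not part of the original report or of GnuTLS. It parses a client offer, takes the group the server selected, and reports the two conditions the report tracks independently. The function names are hypothetical, and treating any group whose name contains "MLKEM" as hybrid is an assumption based on the names in the list.

```python
# Added example: checks a server's group choice against a client offer written
# in the report's notation ("*" = group was also sent in key_share).
# Assumption: a group is hybrid post-quantum when its name contains "MLKEM".

def parse_offer(offer):
    """Return [(group_name, has_key_share), ...] in client preference order."""
    groups = []
    for item in offer.strip().split(":"):
        has_share = item.startswith("*")
        name = item.lstrip("*")
        if not name:
            raise ValueError(f"empty group name in offer: {offer!r}")
        groups.append((name, has_share))
    return groups

def is_hybrid(name):
    return "MLKEM" in name.upper()

def check_selection(offer, selected):
    """Return the findings for one handshake; an empty list means GOOD."""
    groups = parse_offer(offer)
    shares = {name.upper(): has_share for name, has_share in groups}
    if selected.upper() not in shares:
        raise ValueError(f"{selected} was not offered by the client")
    findings = []
    # Classical group chosen although the client offered a hybrid one.
    if not is_hybrid(selected) and any(is_hybrid(n) for n, _ in groups):
        findings.append("not hybrid")
    # Chosen group had no key share although the client sent one for another group.
    if not shares[selected.upper()] and any(shares.values()):
        findings.append("no key_share")
    return findings

# Four of the outcomes listed in the report: (client offer, group selected).
CASES = [
    ("*X25519MLKEM768:SECP256R1MLKEM768", "X25519MLKEM768"),
    ("X25519MLKEM768:*SECP256R1MLKEM768", "X25519MLKEM768"),
    ("*X25519MLKEM768:SECP256R1MLKEM768:*P-256:P-384", "P-256"),
    ("*SECP256R1MLKEM768:P-256:P-384", "P-256"),
]

def audit(cases=CASES):
    return {offer: check_selection(offer, sel) for offer, sel in cases}

if __name__ == "__main__":
    for offer, findings in audit().items():
        print(offer, "->", ", ".join(findings) or "GOOD")
```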