[Bug 1856435] Re: gnutls28 appears to allow 512bit RSA keys, when it shouldn't
Dimitri John Ledkov
launchpad at surgut.co.uk
Wed Dec 18 22:30:29 UTC 2019
The second url was meant to be
https://gitlab.com/gnutls/gnutls/issues/881
** Changed in: gnutls28 (Ubuntu)
Status: Triaged => Invalid
** Information type changed from Private Security to Public
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1856435
Title:
gnutls28 appears to allow 512bit RSA keys, when it shouldn't
Status in gnutls28 package in Ubuntu:
Invalid
Bug description:
To prevent lp bad formatting, please see the attached tarball.
The gist is that it appears that PROFILE_* settings are not applied
correctly. By default it should require 1024bit RSA keys minimum
gnutls-serv command accepts and uses 512bit RSA certificate.
openssl s_server in comparison does not, due to key size too small.
operating openssl s_client against the gnutls-serv server, fails to
connect again due to key size too small.
Yet gnutls-cli successfully connects to gnutls-serv with 512bit RSA
key.
Attempting to override priority strings using SECURE256 or
%PROFILE_HIGH and the like, does not make gnutls reject the small key
size.
Tested on focal using gnutls28 3.6.10-5
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1856435/+subscriptions
More information about the foundations-bugs
mailing list