Re: [Help-gnutls] Problems with Key usage violation

help-gnutls

From:	Andreas Thienemann
Subject:	Re: [Help-gnutls] Problems with Key usage violation
Date:	Wed, 30 Mar 2005 21:01:40 +0200 (CEST)

On Wed, 30 Mar 2005, Nikos Mavrogiannopoulos wrote:

         Key usage:
                 Key encipherment.

This only works with plain RSA cipher suites. That means that your server
MUST NOT use DHE_RSA, which is a signing ciphersuite.

Off the top of my head I can't think of a good reason to use DHE_RSA foran SSL server as it doesn't have to sign anything, right?


So disabling it wouldn't pose a problem.

Besides the fact that this should be valid for all kind of TLS servers, it
looks okay to me.

No this is not valid for all TLS servers. Only for the ones that use plain
RSA.

I see.

[ gnutls checking scope ]

Only the key usage.

Is is really a good idea to be more strict here than e.g. openssl?

Because I do know of several servers which do have this problem when beingused by clients which are linked agains gnutls.


bye,
 andreas

Current Thread

[Next in Thread]

[Help-gnutls] Problems with Key usage violation, Andreas Thienemann, 2005/03/30
- Re: [Help-gnutls] Problems with Key usage violation, Nikos Mavrogiannopoulos, 2005/03/30
  - Re: [Help-gnutls] Problems with Key usage violation, Andreas Thienemann, 2005/03/30
    - Re: [Help-gnutls] Problems with Key usage violation, Nikos Mavrogiannopoulos, 2005/03/30
    - Re: [Help-gnutls] Problems with Key usage violation, Andreas Thienemann <=
    - Re: [Help-gnutls] Problems with Key usage violation, Nikos Mavrogiannopoulos, 2005/03/30
    - Re: [Help-gnutls] Problems with Key usage violation, Andreas Thienemann, 2005/03/30