Bug 1437213

Summary: gnutls could not use legacy ciphers in LEGACY profile
Product: [Fedora] Fedora
Reporter: Stanislav Zidek <szidek>
Component: crypto-policies
Assignee: Nikos Mavrogiannopoulos <nmavrogi>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 26
CC: nmavrogi, tmraz
Hardware: x86_64   
OS: Linux   
Last Closed: 2018-04-25 15:36:05 UTC
Type: Bug

Description Stanislav Zidek 2017-03-29 19:04:29 UTC
Description of problem:
I am not able to connect to e.g. rc4.badssl.com even if I set LEGACY profile in crypto-policies.

Version-Release number of selected component (if applicable):
# rpm -q gnutls crypto-policies
gnutls-3.5.10-1.fc26.x86_64
crypto-policies-20170214-2.gitf3018dd.fc26.noarch

How reproducible:
always

Steps to Reproduce:
1. update-crypto-policies --set LEGACY
2. gnutls-cli --priority @SYSTEM rc4.badssl.com


Actual results:
Setting system policy to LEGACY
Processed 172 CA certificate(s).
Resolving 'rc4.badssl.com:443'...
Connecting to '104.154.89.105:443'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [40]: Handshake failed
*** handshake has failed: A TLS fatal alert has been received.


Expected results:
Connection succeeds.

Comment 1 Nikos Mavrogiannopoulos 2017-03-30 06:34:37 UTC
Thank you. I've pushed a fix in rawhide/f26. 
https://gitlab.com/nmav/fedora-crypto-policies/commit/55b66da0575cf59265f09ebbe89adc7cf0e90ded