Bug 1437213 - gnutls could not use legacy ciphers in LEGACY profile
Summary: gnutls could not use legacy ciphers in LEGACY profile
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: crypto-policies
Version: 26
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nikos Mavrogiannopoulos
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-03-29 19:04 UTC by Stanislav Zidek
Modified: 2018-04-25 15:36 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-04-25 15:36:05 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Stanislav Zidek 2017-03-29 19:04:29 UTC
Description of problem:
I am not able to connect to e.g. rc4.badssl.com even if I set LEGACY profile in crypto-policies.

Version-Release number of selected component (if applicable):
# rpm -q gnutls crypto-policies
gnutls-3.5.10-1.fc26.x86_64
crypto-policies-20170214-2.gitf3018dd.fc26.noarch

How reproducible:
always

Steps to Reproduce:
1. update-crypto-policies --set LEGACY
2. gnutls-cli --priority @SYSTEM rc4.badssl.com


Actual results:
Setting system policy to LEGACY
Processed 172 CA certificate(s).
Resolving 'rc4.badssl.com:443'...
Connecting to '104.154.89.105:443'...
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [40]: Handshake failed
*** handshake has failed: A TLS fatal alert has been received.


Expected results:
Connection succeeds.

Comment 1 Nikos Mavrogiannopoulos 2017-03-30 06:34:37 UTC
Thank you. I've pushed a fix in rawhide/f26. 
https://gitlab.com/nmav/fedora-crypto-policies/commit/55b66da0575cf59265f09ebbe89adc7cf0e90ded


Note You need to log in before you can comment on or make changes to this bug.