gnutls -- MD5 downgrade in TLS signatures

ID 3DE36A19-429D-11E5-9DAA-14DAE9D210B8
Type freebsd
Reporter FreeBSD
Modified 2015-04-25T00:00:00


Karthikeyan Bhargavan reports:

GnuTLS does not by default support MD5 signatures. Indeed the RSA-MD5 signature-hash algorithm needs to be explicitly enabled using the priority option VERIFY_ALLOW_SIGN_RSA_MD5. In the NORMAL and SECURE profiles, GnuTLS clients do not offer RSA-MD5 in the signature algorithms extension. However, we find that all GnuTLS clients still accept RSA-MD5 in the ServerKeyExchange and GnuTLS servers still accept RSA-MD5 in the ClientCertificateVerify.