Regression in trusty's gnutls26, can't connect to servers with RSA-MD5 certs (cacert)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
gnutls26 (Ubuntu) |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
Ubuntu version: 14.04
Affected package versions:
- 2.12.23-12ubuntu2.4
- 2.12.23-12ubuntu2.5
Unaffected package versions:
- 2.12.23-12ubuntu2.3 and older
Description:
When trying to connect to servers that have a RSA-MD5 signature in their certificate chain, gnutls26 fails to connect with "The signature algorithm is not supported."
The root certificate of cacert uses RSA-MD5, so this can be reproduced by trying to connect to any server that uses their certs
Downgrading to 2.12.23-12ubuntu2.3 workarounds the issue.
This error originally appeared when trying to connect to jabber.ccc.de from bitlbee 3.2.1+otr4-
gnutls28 is unaffected - The user who reported the issue moved to the bitlbee nightly build apt repo, which compiles against gnutls28 instead of 26, and that "fixed" the issue.
OpenSSL has no issues connecting either.
Actual behavior (with 2.12.23-
$ gnutls-cli cacert.org
Resolving 'cacert.org'...
Connecting to '213.154.
*** Non fatal error: A TLS warning alert has been received.
*** Received alert [112]: The server name sent was not recognized
*** Fatal error: The signature algorithm is not supported.
*** Handshake has failed
GnuTLS error: The signature algorithm is not supported.
Expected behavior (with 2.12.23-
$ gnutls-cli cacert.org
Resolving 'cacert.org'...
Connecting to '213.154.
*** Non fatal error: A TLS warning alert has been received.
*** Received alert [112]: The server name sent was not recognized
- Ephemeral Diffie-Hellman parameters
- Using prime: 2048 bits
- Secret key: 2047 bits
- Peer's public key: 2046 bits
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `C=AU,ST=
- Certificate[1] info:
- subject `O=Root CA,OU=http://
- The hostname in the certificate matches 'cacert.org'.
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.2
- Key Exchange: DHE-RSA
- Cipher: AES-256-CBC
- MAC: SHA256
- Compression: NULL
- Handshake was completed
The point of the USN-2865-1 security update was to remove support for RSA-MD5 certificates which are considered insecure and were previously accepted in GnuTLS because of a design flaw.
See the following for more information:
http:// lists.gnutls. org/pipermail/ gnutls- devel/2015- April/007572. html www.ubuntu. com/usn/ usn-2865- 1/
http://
Please also see the following cacert.org announcement:
http:// blog.cacert. org/2015/ 12/re-signing- root-certificat e/