On Sat, Sep 01, 2012 at 10:31:55AM +0200, Nikos Mavrogiannopoulos wrote: > Interesting case. > > |<3>| HSK[0x188ae60]: Selected ECC curve SECP384R1 (3) > > |<3>| HSK[0x188ae60]: verify handshake data: using ECDSA-SHA256 > > |<2>| ASSERT: gnutls_sig.c:365 > > I suppose that your server's certificate has the SECP384R1 curve, is > that right? In that case the server should have used the SHA-384 or > SHA-512 hash algorithms (see > http://tools.ietf.org/html/rfc5480#section-4 ). However your server used > SHA-256 instead and that's why gnutls complains.
Yes, that is the case. I suppose this is a bug in OpenSSL? -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
signature.asc
Description: Digital signature
_______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
