FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gnutls -- MD5 downgrade in TLS signatures

Affected packages
gnutls < 3.3.15

Details

VuXML ID 3de36a19-429d-11e5-9daa-14dae9d210b8
Discovery 2015-04-25
Entry 2015-08-14

Karthikeyan Bhargavan reports:

GnuTLS does not by default support MD5 signatures. Indeed the RSA-MD5 signature-hash algorithm needs to be explicitly enabled using the priority option VERIFY_ALLOW_SIGN_RSA_MD5. In the NORMAL and SECURE profiles, GnuTLS clients do not offer RSA-MD5 in the signature algorithms extension. However, we find that all GnuTLS clients still accept RSA-MD5 in the ServerKeyExchange and GnuTLS servers still accept RSA-MD5 in the ClientCertificateVerify.

[source]

References

Message http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/8132
Message http://seclists.org/oss-sec/2015/q2/367
URL http://www.gnutls.org/security.html#GNUTLS-SA-2015-2

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.