On Tue, Jul 01, 2025 at 11:38:37AM +0100, Daniel P. Berrangé via Devel wrote:
On Tue, Jul 01, 2025 at 10:59:06AM +0200, Peter Krempa wrote:
> On Tue, Jul 01, 2025 at 09:49:57 +0100, Daniel P. Berrangé wrote:
> > On Mon, Jun 30, 2025 at 07:25:05PM +0200, Peter Krempa via Devel wrote:
> > > From: Peter Krempa <pkrempa(a)redhat.com>
> > >
> > > Key encipherment is required only for RSA key exchange algorithm. With
> > > TLS 1.3 this is not even used as RSA is used only for authentication.
> > >
> > > Since we can't really check when it's required ahead of time drop
the
> > > check completely. GnuTLS will moan if it will not be able to use RSA
> > > key exchange.
> >
> > GNUTLS only reports problems at runtime, while the libvirt code is
> > used at system startup. This greatly improves the debuggability of
> > sysadmin config screwups, so we don't really want to delegate to
> > GNUTLS for this.
> >
> > > In commit 11867b0224a2 I tried to relax the check for some eliptic
> > > curve algorithm that explicitly forbid it. Based on the above the proper
> > > solution is to completely remove it.
> >
> > We need to invert the check - instead of excluding just ECDSA, we
> > need to include only DSA and GHOST algorithms.
>
> Originally I did the same but then I read (and verified; see my
> followup) that with TLS 1.3 the RSA key exchange algorithm isn't even
> used so keyEncipherment capability isn't even needed.
Ok, yeah, I've found that now too.
If we're removing this entirely from the impl, we should also update
the docs/kbase/tlscerts.rst.
IIRC, we need to remove the 'encryption_key' flag to stop gnutls
adding 'key encipherment' to DSA certs.
Also our test suite uses
GNUTLS_KEY_KEY_ENCIPHERMENT
when creating test certs and so that can go.
With regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|