Page MenuHome GnuPG
Create Task
Maniphest T3411

TLS problems with ntbtls with some ECC curves (discovered with hkps://pgp.mailbox.org on Windows)
Closed, ResolvedPublic
Actions

Description

https://wald.intevation.org/forum/forum.php?thread_id=1668&forum_id=21&group_id=11
a user reports problems to access hkps://pgp.mailbox.org on windows 10.

The debugging shows:
DBG: ntbtls(2): got an alert message, type: [2:40]

Expected behaviour: The keyserver connection is made to search for the pubkey.

This looks either like a software defect or a documentation deficit how to analyse
the problem to get a connection.

Observation: gpg 2.1.11 with gnutls on Debian contacts the keyserver just fine.

Has been tested with Gpg4win 3.0(rc) 3.0.0 beta 299.

Revisions and Commits

rT Not Too Bad TLS
rT387f2fda683b Support the other two NIST curves and their Brainpool counterparts.

Related Objects

Event Timeline

bernhard assigned this task to werner.Sep 18 2017, 2:16 PM
bernhard created this task.
werner triaged this task as Unbreak Now! priority.Sep 18 2017, 4:41 PM

You can't access that server even from Windows7 due to an uncommon ECC curve. I need to investigate but it is likely that ntbtls does not yet support it.

werner added a comment.Sep 18 2017, 11:00 PM

I added the missing curves to ntbtls and will soon do a new release. To please some folks here I also added the Brainpool curves ;-)

werner added a commit: rT387f2fda683b: Support the other two NIST curves and their Brainpool counterparts..Sep 19 2017, 4:47 AM
bernhard renamed this task from Diagnosing a TLS problem with ntbtls on Windows 10 to TLS problems with ntbtls with some ECC curves.Sep 19 2017, 8:38 AM
bernhard renamed this task from TLS problems with ntbtls with some ECC curves to TLS problems with ntbtls with some ECC curves (discovered with hkps://pgp.mailbox.org on Windows).
werner closed this task as Resolved.Sep 19 2017, 8:52 AM

ntbtls 0.1.2 has been released as well gnupg 2.2.1 with other fixes and the Windows installer using that new ntbtls.

historic_bruno mentioned this in T4597: Support GCM modes for ntbtls..Jul 1 2019, 3:03 PM