Re: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

2025-07-01 Thread Daniel P . Berrangé via Devel
On Tue, Jul 01, 2025 at 01:13:36PM +0200, Peter Krempa wrote: > On Tue, Jul 01, 2025 at 11:38:37 +0100, Daniel P. Berrangé wrote: > > On Tue, Jul 01, 2025 at 10:59:06AM +0200, Peter Krempa wrote: > > > On Tue, Jul 01, 2025 at 09:49:57 +0100, Daniel P. Berrangé wrote: > > > > On Mon, Jun 30, 2025 at

Re: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

2025-07-01 Thread Peter Krempa via Devel
On Tue, Jul 01, 2025 at 11:38:37 +0100, Daniel P. Berrangé wrote: > On Tue, Jul 01, 2025 at 10:59:06AM +0200, Peter Krempa wrote: > > On Tue, Jul 01, 2025 at 09:49:57 +0100, Daniel P. Berrangé wrote: > > > On Mon, Jun 30, 2025 at 07:25:05PM +0200, Peter Krempa via Devel wrote: > > > > From: Peter K

Re: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

2025-07-01 Thread Daniel P . Berrangé via Devel
On Tue, Jul 01, 2025 at 11:38:37AM +0100, Daniel P. Berrangé via Devel wrote: > On Tue, Jul 01, 2025 at 10:59:06AM +0200, Peter Krempa wrote: > > On Tue, Jul 01, 2025 at 09:49:57 +0100, Daniel P. Berrangé wrote: > > > On Mon, Jun 30, 2025 at 07:25:05PM +0200, Peter Krempa via Devel wrote: > > > > F

Re: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

2025-07-01 Thread Daniel P . Berrangé via Devel
On Tue, Jul 01, 2025 at 10:59:06AM +0200, Peter Krempa wrote: > On Tue, Jul 01, 2025 at 09:49:57 +0100, Daniel P. Berrangé wrote: > > On Mon, Jun 30, 2025 at 07:25:05PM +0200, Peter Krempa via Devel wrote: > > > From: Peter Krempa > > > > > > Key encipherment is required only for RSA key exchange

Re: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

2025-07-01 Thread Peter Krempa via Devel
On Tue, Jul 01, 2025 at 09:49:57 +0100, Daniel P. Berrangé wrote: > On Mon, Jun 30, 2025 at 07:25:05PM +0200, Peter Krempa via Devel wrote: > > From: Peter Krempa > > > > Key encipherment is required only for RSA key exchange algorithm. With > > TLS 1.3 this is not even used as RSA is used only f

Re: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

2025-07-01 Thread Daniel P . Berrangé via Devel
On Mon, Jun 30, 2025 at 07:25:05PM +0200, Peter Krempa via Devel wrote: > From: Peter Krempa > > Key encipherment is required only for RSA key exchange algorithm. With > TLS 1.3 this is not even used as RSA is used only for authentication. > > Since we can't really check when it's required ahead

Re: [PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

2025-06-30 Thread Peter Krempa via Devel
On Mon, Jun 30, 2025 at 19:25:05 +0200, Peter Krempa wrote: > From: Peter Krempa > > Key encipherment is required only for RSA key exchange algorithm. With > TLS 1.3 this is not even used as RSA is used only for authentication. > > Since we can't really check when it's required ahead of time dro

[PATCH] tls: Don't require 'keyEncipherment' to be enabled altoghther

2025-06-30 Thread Peter Krempa via Devel
From: Peter Krempa Key encipherment is required only for RSA key exchange algorithm. With TLS 1.3 this is not even used as RSA is used only for authentication. Since we can't really check when it's required ahead of time drop the check completely. GnuTLS will moan if it will not be able to use R