
I have libvirt, one client and one server. Libvirt uses the GnuTLS implementation of TLS. I want to use mitmproxy and put it in the middle between the client and the remote server. But mitmproxy uses a different implementation of TLS: OpenSSL. I read that their certificates and maybe the handshake process are not compatible with each other?

Are there any suggestions on which steps should be taken to achieve compatibility, or should I just provide mitmproxy with one more implementation of the TLS layer using GnuTLS?

1 Answer

Is it possible to make OpenSSL work with gnutls?

No of course not. - Yes of course.

Both do, more or less, exactly the same thing: they are crypto libraries that provide, as different implementations, support for (the same) cryptographic protocols to OTHER applications.

OpenSSL doesn't need to and can't use GnuTLS libraries, and the reverse won't need to happen either.

On the other hand: APPLICATIONS linked to OpenSSL libraries can of course communicate with other applications that are instead linked to GnuTLS, as long as

  • both applications mutually agree on and use the SAME PROTOCOL
  • the selected protocol is available and implemented correctly in both libraries

> I read that their certificates and maybe handshake process are not compatible with each other?

Uhh, where?

As long as they both implement the protocol correctly there is no a priori reason why you should have compatibility issues.

HBruijn
  • Here: https://www.gnutls.org/manual/html_node/Compatibility-with-the-OpenSSL-library.html but this now seems to be related to function calls. – Anastasiya Ruzhanskaya Dec 10 '18 at 13:05
  • That is indeed more a warning that GnuTLS is not a drop-in replacement at code level. Other compatibility issues such as [this](https://bugzilla.redhat.com/show_bug.cgi?id=1238333) are possible, but are in general the result of an incorrect implementation or different interpretations of the standards. – HBruijn Dec 10 '18 at 13:15
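
The interoperability described in the answer can be checked locally. The following is an added example, not part of the original thread: an OpenSSL-backed server (`openssl s_server`) and a GnuTLS-backed client (`gnutls-cli`) complete a handshake using one certificate. The function name `interop_check` and port 14433 are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): an OpenSSL-backed TLS server and a
# GnuTLS-backed client completing a handshake over a shared certificate.
# Assumptions: openssl (>= 1.1.1) and gnutls-cli are installed; the port
# number 14433 is a constructed value.

interop_check() {
    local port="${1:-14433}" dir server_pid rc=1

    # Return 3 when a prerequisite tool is missing, so callers can tell
    # "not tested" apart from "handshake failed".
    command -v openssl >/dev/null 2>&1 || return 3
    command -v gnutls-cli >/dev/null 2>&1 || return 3

    dir="$(mktemp -d)" || return 2

    # Throwaway self-signed certificate for "localhost", created by OpenSSL.
    if ! openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=localhost" -addext "subjectAltName=DNS:localhost" \
            -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1; then
        rm -rf "$dir"; return 2
    fi

    # Server side: OpenSSL's TLS stack.
    openssl s_server -accept "$port" -cert "$dir/cert.pem" \
        -key "$dir/key.pem" -www >/dev/null 2>&1 &
    server_pid=$!
    sleep 1

    # Client side: GnuTLS's TLS stack, trusting only the certificate above.
    # gnutls-cli verifies the chain and hostname during the handshake and
    # logs the completion line only when both succeed.
    gnutls-cli --x509cafile "$dir/cert.pem" -p "$port" localhost \
        </dev/null >"$dir/client.log" 2>&1
    if grep -q "Handshake was completed" "$dir/client.log"; then
        rc=0
    fi

    kill "$server_pid" 2>/dev/null
    wait "$server_pid" 2>/dev/null
    rm -rf "$dir"
    return "$rc"
}
```

Call `interop_check` and inspect its exit status: 0 means the GnuTLS client verified the OpenSSL-generated certificate and completed the handshake, 1 means the handshake failed, 2 means setup failed, and 3 means a tool is missing.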