List: debian-security
Subject: Re: Bug#803204: libiksemel: utterly insecure GNUTLS settings
From: Marc_Dequènes_(duck) <duck () duckcorp ! org>
Date: 2015-11-12 21:14:37
Message-ID: b4edb49f9b1a65f57344da8758a6a7c7 () webmail-rc ! duckcorp ! org
Coin,

On 2015-11-12 11:04, Simon Josefsson wrote:
> I would suggest to use gnutls_set_default_priority() instead of
> hard-coding a priority string into applications. Your hard coded
> priority string will be just as obsolete as the hard coded values you
> are replacing in a couple of years.

You're right, this is a better way to set up priorities. Please see my
patch as an urgent fix only. I asked the maintainer to review it as he
should have more experience than me. Besides, when I made this patch I
had the user setup in mind: the library could (and should) easily accept
a string from the caller software in order to allow different
restrictions if the user wishes so (and fall back to your suggestion if
not provided).

I also think upstream should be contacted, not sure it was done. I can't
see a stable upload coming either.

Regards.

--
Marc Dequènes