List:       gnutls-dev
Subject:    Re: [gnutls-devel] NORMAL:-SIGN-ALL changed behavior in 3.3.15
From:       Andreas Metzler <ametzler () bebt ! de>
Date:       2015-05-11 17:18:59
Message-ID: 20150511171859.GA1335 () downhill ! g ! la

On 2015-05-11 Nikos Mavrogiannopoulos <n.mavrogiannopoulos@gmail.com> wrote:

> On 10 May 2015 13:24:39 CEST, Andreas Metzler <ametzler@bebt.de> wrote:
> > Hello,
> > 
> > I have tried finding the reason for <https://bugs.debian.org/784430>
> > (lynx not being able to connect to kernel.org since upgrading GnuTLS
> > to 3.3.15). Afaict it comes from lynx using this byzantine priority
> > string:
> > NONE:+VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-GCM:+AES-128-GCM \
> > :+AES-256-CBC:+AES-128-CBC:+CAMELLIA-256-CBC:+CAMELLIA-128-CBC:+3DES-CBC:+COMP-NULL:+DHE-RSA:+RSA:+DHE-DSS:+SHA1:+MD5
> > 

> > Boiling this down to the simplest case shows that 3.3.14 connected
> > successfully (including certificate verification) to www.kernel.org,
> > but 3.3.15 stopped doing so. I suspect it is a side-effect of the fix
> > for GNUTLS-SA-2015-2.

> The priority string is indeed wrong. The issue is that it enables
> tls1.2 but no signature algorithms.  Given that the fix in 3.3.15 is
> to enforce the algorithms set, the issue seen is justified. 

Thanks for the confirmation, I will submit a bug report against lynx.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

_______________________________________________
Gnutls-devel mailing list
Gnutls-devel@lists.gnutls.org
http://lists.gnupg.org/mailman/listinfo/gnutls-devel
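
Added example (not part of the original message, and not GnuTLS or lynx code): a small Python linter for the misconfiguration confirmed in this thread, a priority string that enables TLS 1.2 but no signature algorithms. It takes the first token as the base keyword, models only `+`/`-`/`!` on `VERS-*` and `SIGN-*` tokens, and assumes every base keyword except `NONE` enables TLS 1.2 and a default signature set; `lint_priority` and the `+SIGN-ALL` variant are constructed for illustration.

```python
# Added example: simplified model of a GnuTLS priority string, not GnuTLS code.
# Assumption: every base keyword except NONE enables TLS 1.2 and a default
# signature-algorithm set; NONE starts with nothing enabled.
DEFAULTS = "<keyword defaults>"  # stands for algorithms a base keyword enables
TLS12_TOKENS = ("VERS-TLS1.2", "VERS-TLS-ALL", "VERS-ALL")


def lint_priority(priority):
    """Return (tls12_enabled, sign_algos, warning) for a priority string."""
    # Drop the line-continuation backslash and whitespace left by wrapping.
    tokens = [t.strip() for t in priority.replace("\\", "").split(":")]
    tokens = [t for t in tokens if t]
    if not tokens:
        raise ValueError("empty priority string")
    seeded = tokens[0] != "NONE"  # first token is taken as the base keyword
    tls12 = seeded
    signs = {DEFAULTS} if seeded else set()
    for tok in tokens[1:]:
        op, name = tok[0], tok[1:]
        if op not in "+-!":
            continue  # %OPTIONS and anything else this sketch does not model
        add = op == "+"  # '-' and '!' both remove
        if name in TLS12_TOKENS:
            tls12 = add
        elif name == "SIGN-ALL":
            signs = {"SIGN-ALL"} if add else set()
        elif name.startswith("SIGN-"):
            if add:
                signs.add(name)
            else:
                signs.discard(name)
    warning = None
    if tls12 and not signs:
        warning = ("TLS 1.2 is enabled but no SIGN-* algorithm is; "
                   "3.3.15 enforces the configured set")
    return tls12, signs, warning


# The lynx string quoted in the thread, joined onto one line.
LYNX = ("NONE:+VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0:+AES-256-GCM"
        ":+AES-128-GCM:+AES-256-CBC:+AES-128-CBC:+CAMELLIA-256-CBC"
        ":+CAMELLIA-128-CBC:+3DES-CBC:+COMP-NULL:+DHE-RSA:+RSA:+DHE-DSS:+SHA1:+MD5")

if __name__ == "__main__":
    for s in (LYNX, "NORMAL:-SIGN-ALL", LYNX + ":+SIGN-ALL", "NORMAL"):
        print(s[:40], "->", lint_priority(s)[2] or "ok")
```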

