Bug#390712: gnutls
Simon Josefsson
simon at josefsson.org
Mon Nov 5 14:56:10 UTC 2007
Nikos wrote:
> Ok it seems that with the help of Hanno Wagner I managed to debug this issue.
> These clients fail to understand TLS 1.0 record packets with a padding added.
> This only occurs when using non stream ciphers (i.e. not arcfour) and does
> not occur when using SSL 3.0 which does not allow such padding. So one point
> is for users of these devices to report that as bug.
>
> However a fix in gnutls is not easy to do. If we disable the random padding in
> TLS 1.0 we do disable a nice feature of TLS that protects against statistical
> attacks. Thus I'd be against such a fix.
Why doesn't this problem happen with OpenSSL? Does it MAC padding under
some circumstances? Could GnuTLS do the same?
/Simon
More information about the Pkg-exim4-maintainers
mailing list