[gnutls-dev] Possible bug in GnuTLS AES/SHA1

James Westby jw+debian at jameswestby.net
Mon Jan 8 23:16:17 CET 2007

On (28/12/06 10:14), Simon Josefsson wrote:
> James Westby <jw+debian at jameswestby.net> writes:
> Hi!  Interesting...  it seems you have already done a fair bit of
> debugging yourself.  I couldn't see the protocol dumps or debug info
> in the messages that I read (but I read only briefly), and those would
> help me to debug it further.

Sorry, I should have included a pointer to 


I have the tcpdumps in a private mail that I could forward to you if

> However, I think it will take quite some
> time to study the logs and understand what is going on, but it is
> difficult to prioritize that for me.  I think someone who can
> live-debug gnutls-serv against a phone is in the best position to
> continue debugging this.

Unfortunately none of us have one of these phones, though Marc has been
quick in getting the debug information that I have asked for.

> What GnuTLS version are you using?  There was a version-negotiating
> bug solved during 1.5.x (in 1.6.0), but I'm not sure it is relevant.

Marc has just tested with the latest version in Debian that backports
this fix to 1.4.4 with no change.

> I assume you meant TLS1.1 and not TLS1.2 above?  The phone supports
> TLS1.0 and does not support TLS1.1 or TLS1.2, right?

Yes, sorry, I got the numbers confused.

> I suggest trying to do more binary-searching between the features that
> work and the features that do not work, to hopefully start to see a
> pattern in it.  Enabling and disabling specific features, which you've
> started with, seems like a good move, but maybe you can go further.
> Like trying to force AES/SHA1 ciphersuites with SSL3.0 (if that is
> even possible..) or force RC4 with TLS1.0.  Try to find out exactly
> which configurations work and which do not; try all cipher suites
> available.

Marc found that his choices were very limited as the phone did not
support many combinations. For instance, not allowing SHA means that RC4
is the only choice available. You can see the results in the thread
above. If you have any more queries then Marc can probably help, he has
been excellent so far.

> Trying to configure both GnuTLS and OpenSSL to use as similar
> parameters as possible, and then look at the protocol dumps to spot
> differences would also help.  GnuTLS might be doing something different
> from OpenSSL that triggers the problem.

I haven't suggested this. Marc did ask for advice on how to get openssl
to act like -serv, but I didn't know and haven't looked it up yet.

On a slightly different note, -serv is an excellent tool, and has been
very useful. Marc did have one problem with it though. As the first
message of SMTP is sent by the server, the echo mode didn't work. He
asked if it would be possible to have a -cli like mode where the user
can type to simulate the protocol they are testing. Would this be
possible? Would you like me to open another thread on this topic or

  James Westby   --    GPG Key ID: B577FE13    --     http://jameswestby.net/
  seccure key - (3+)k7|M*edCX/.A:n*N!>|&7U.L#9E)Tu)T0>AM - secp256r1/nistp256
