MAC padding (Debian Bug #390712)

Thu Jan 3 16:51:00 CET 2008

On 2008-01-03 Marc Haber <mh+gnutls-devel at> wrote:
> Debian Bug #390712,
> =================================================
> Simon writes:
> >  Appears to be triggered by GnuTLS implementing MAC padding to solve a
> >  security problem in TLS. OpenSSL reportedly does not implement the
> >  same work around, and would thus appear to be vulnerable to that
> >  problem.
> >  Conclusion: Appears to be a "wontfix" bug. Personally, I think GnuTLS
> >  could provide a simpler mechanism to disable MAC padding if
> >  applications deem this necessary. Someone could double check how
> >  important the MAC padding security concern is.

> I disagree about the "wontfix" bug. We have an interoperability issue
> here, where the end user notices "things work when I use OpenSSL or do
> not use TLS at all, only GnuTLS breaks". In the result, the end user
> will use OpenSSL or no TLS at all, which reduces GnuTLS user base and
> cryptography coverage.

> I would like to see a mechanism to disable MAC padding if it is really
> the culprit here.


AFAIUI that has been done on the gnutls side of things:
* Version 2.0.3 (released 2007-11-10)

** Added gnutls_record_disable_padding() to allow servers talking to
buggy clients that complain if the TLS 1.0 record protocol padding is

** Introduced gnutls_session_enable_compatibility_mode() to allow
enabling all supported compatibility options (like disabling padding).

thanks, cu andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'

