MAC padding (Debian Bug #390712)

Simon Josefsson simon at
Thu Jan 3 22:28:29 CET 2008

Andreas Metzler <ametzler at> writes:

> On 2008-01-03 Marc Haber <mh+gnutls-devel at> wrote:
>> On Thu, Jan 03, 2008 at 04:51:00PM +0100, Andreas Metzler wrote:
>> > AFAIUI that has been done on the gnutls side of things:
>> > ------------------------------
>> > * Version 2.0.3 (released 2007-11-10)
>> > 
>> > ** Added gnutls_record_disable_padding() to allow servers talking to
>> > buggy clients that complain if the TLS 1.0 record protocol padding is
>> > used.
>> > 
>> > ** Introduced gnutls_session_enable_compatibility_mode() to allow
>> > enabling all supported compatibility options (like disabling padding).
>> > ------------------------------
>> Is it possible to disable this at run time without having to modify
>> exim?
> Hello,
> Afaik no, exim would need to change. Probably adding a new
> global option to configure this.

Agreed, but please use the new cipher preference API instead (see below)
since it can be used to control much more things, and is more suitable
for application configuration.

A reasonable default priority to have in the exim configuration file
would be 'NORMAL'.  Administrators that want to lower their security
level (possibly for just a particular IP address range?  Not sure if
that kind of flexibility is allowed by exim) can replace the string with
'NORMAL:%COMPAT' or similar.  That would disable MAC padding.

Note that this API was introduced with gnutls v2.2.


  /**
  * gnutls_priority_init - Sets priorities for the cipher suites supported by gnutls.
  * @priority_cache: is a #gnutls_priority_t structure.
  * @priorities: is a string describing priorities
  * @err_pos: In case of an error this will have the position in the string the error occurred
  * Sets priorities for the ciphers, key exchange methods, macs and
  * compression methods. This is to avoid using the
  * gnutls_*_priority() functions.
  * The #priorities option allows you to specify a semi-colon
  * separated list of the cipher priorities to enable.
  * Unless the first keyword is "NONE" the defaults are:
  * Protocols: TLS1.1, TLS1.0, and SSL3.0.
  * Compression: NULL.
  * Certificate types: X.509, OpenPGP.
  * You can also use predefined sets of ciphersuites: "PERFORMANCE"
  * all the "secure" ciphersuites are enabled, limited to 128 bit
  * ciphers and sorted by terms of speed performance.
  * "NORMAL" option enables all "secure" ciphersuites. The 256-bit ciphers
  * are included as a fallback only. The ciphers are sorted by security margin.
  * "SECURE128" flag enables all "secure" ciphersuites with ciphers up to
  * 128 bits, sorted by security margin.
  * "SECURE256" flag enables all "secure" ciphersuites including the 256 bit
  * ciphers, sorted by security margin.
  * "EXPORT" all the ciphersuites are enabled, including the
  * low-security 40 bit ciphers.
  * "NONE" nothing is enabled. This disables even protocols and
  * compression methods.
  * Special keywords:
  * '!' or '-' appended with an algorithm will remove this algorithm.
  * '+' appended with an algorithm will add this algorithm.
  * '%COMPAT' will enable compatibility features for a server.
  * To avoid collisions in order to specify a compression algorithm in
  * this string you have to prefix it with "COMP-", protocol versions
  * with "VERS-" and certificate types with "CTYPE-". All other
  * algorithms don't need a prefix.
  * For key exchange algorithms when in NORMAL or SECURE levels the
  * perfect forward secrecy algorithms take precedence over the other
  * protocols.  In all cases all the supported key exchange algorithms
  * are enabled (except for the RSA-EXPORT which is only enabled in
  * EXPORT level).
  * Note that although one can select very long key sizes (such as 256 bits)
  * for symmetric algorithms, to actually increase security the public key
  * algorithms have to use longer key sizes as well.
  * Examples: "NORMAL:!AES-128-CBC"
  * Returns: On syntax error %GNUTLS_E_INVALID_REQUEST is returned,
  * %GNUTLS_E_SUCCESS on success, or an error code.
  */
int
gnutls_priority_init (gnutls_priority_t * priority_cache,
		      const char *priorities, const char **err_pos)
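As an added example (not GnuTLS or exim code), the checker below parses a priority string in the format documented above, the way an administrator-supplied exim setting would be validated before being handed to gnutls_priority_init(), and reports whether the string lowers the security level via '%COMPAT' (MAC padding disabled) or the EXPORT level. It is a simplified, stand-alone parser: it splits on ':' as in the "NORMAL:!AES-128-CBC" example, recognises only the keywords listed in the doc comment, and does not link against GnuTLS.

```c
#include <string.h>

/* Summary of one priority string such as "NORMAL:%COMPAT". */
struct prio_info {
    char level[16];   /* leading level keyword, or "" if the string starts with an algorithm */
    int compat;       /* %COMPAT present: compatibility mode, MAC padding disabled */
    int removed;      /* count of '!ALG' / '-ALG' tokens */
    int added;        /* count of '+ALG' and bare ALG tokens */
    int err_pos;      /* -1 if well-formed, else byte offset of the offending token */
};

static const char *const LEVELS[] =
    { "PERFORMANCE", "NORMAL", "SECURE128", "SECURE256", "EXPORT", "NONE" };

static int is_level(const char *kw)
{
    for (size_t i = 0; i < sizeof LEVELS / sizeof *LEVELS; i++)
        if (strcmp(kw, LEVELS[i]) == 0)
            return 1;
    return 0;
}

/* Tokenise on ':'. Returns 0 when well-formed, -1 on a syntax error with
 * out->err_pos set, mirroring the err_pos convention of gnutls_priority_init(). */
int parse_priority(const char *s, struct prio_info *out)
{
    size_t pos = 0, n = 0;
    memset(out, 0, sizeof *out);
    out->err_pos = -1;
    for (;;) {
        size_t len = strcspn(s + pos, ":");
        char kw[64];
        /* reject empty tokens, oversized tokens and a bare operator such as "!" */
        if (len == 0 || len >= sizeof kw || (len == 1 && strchr("!-+%", s[pos]))) {
            out->err_pos = (int)pos;
            return -1;
        }
        memcpy(kw, s + pos, len);
        kw[len] = '\0';
        if (n == 0 && is_level(kw))            strcpy(out->level, kw);
        else if (strcmp(kw, "%COMPAT") == 0)   out->compat = 1;
        else if (kw[0] == '!' || kw[0] == '-') out->removed++;
        else if (kw[0] == '%')                 { out->err_pos = (int)pos; return -1; } /* only %COMPAT is documented */
        else                                   out->added++;  /* '+ALG' or bare ALG */
        n++;
        pos += len;
        if (s[pos] == '\0')
            return 0;
        pos++;  /* skip ':' */
    }
}

/* The setting lowers security if it disables padding (%COMPAT) or picks EXPORT (40-bit ciphers). */
int lowers_security(const struct prio_info *p)
{
    return p->compat || strcmp(p->level, "EXPORT") == 0;
}
```

A configuration loader can log or refuse strings for which lowers_security() returns 1, which is where an exim global option carrying this string would be checked.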
