gnutls 2.9.10 breaks exim4 TLS (Denying unsafe (re)negotiation.)

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue May 18 21:14:36 CEST 2010


Andreas Metzler wrote:
> On 2010-05-08 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
> [...]
>> How easy would it be for exim to use gnutls_priority_* functions? The
>> others have been deprecated for quite a time. Moreover it would be
>> easier for exim to setup a configuration string for the
>> priority_set_direct function.
> [...]
> 
> Hello,
> Doable, but not without pain. Exim exposes the gnutls_priority_*
> functions to the user (see options tls_require_ciphers et al in
> http://docs.exim.org/current/spec_html/ch39.html#SECTreqciphgnu)
> switching would cause a configuration file syntax change. - It could
> either ignore the old settings while still warning about them or
> throw an error (invalid setting).

Does the attached patch to gnutls fix the issue?

regards,
Nikos
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch.txt
URL: </pipermail/attachments/20100518/b4323e05/attachment.txt>

