[gnutls-devel] 3.2.2 breaks TLS sockets

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Jul 26 15:17:49 CEST 2013


On Fri, Jul 26, 2013 at 3:03 PM, Dan Winship <danw at gnome.org> wrote:
> On 07/26/2013 12:53 AM, Nikos Mavrogiannopoulos wrote:
>> Thank you. From a quick glimpse it doesn't seem to be something obvious.
>> May I ask how you reproduced it? Did you connect to a server and
>> download data? Is it again with gio? What were the cipher and MAC
>> being used?
> Yes, with gio. I used the "get" test program from the libsoup sources
> (basically wget implemented via libsoup). And yes, the error occurred
> while reading the response. (So I guess you want to test against a large
> resource.)
> gio normally uses "NORMAL:%COMPAT", but I verified that the bug happens
> without %COMPAT too, and I don't think there's anything else especially
> unusual that gio does. So it *should* be possible to reproduce with
> gnutls-cli, maybe doing something like:

Thank you. I see that RSA_ARCFOUR_SHA1 is negotiated. Is it easy to
check whether this occurs when AES128-CBC-SHA1 is used (e.g. by using
NORMAL:-ARCFOUR-128 as the priority string)? If not, then the issue is
pretty much contained and I hope to fix it soon.

regards,
Nikos


