[gnutls-devel] NORMAL:-SIGN-ALL changed behavior in 3.3.15

Andreas Metzler ametzler at bebt.de
Mon May 11 19:18:59 CEST 2015

On 2015-05-11 Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote:

> On 10 May 2015 13:24:39 CEST, Andreas Metzler <ametzler at bebt.de> wrote:
> >Hello,
> >
> >I have tried finding the reason for <https://bugs.debian.org/784430>
> >(lynx not being able to connect to kernel.org since upgrading GnuTLS
> >to 3.3.15). Afaict it comes from lynx using this byzantine priority
> >string:

>> Boiling this down to the simplest case shows that 3.3.14 connected
>> successfully (including certificate verification) to www.kernel.org,
>> but 3.3.15 stopped doing so. I suspect it is a side-effect of the fix
>> for GNUTLS-SA-2015-2.

> The priority string is indeed wrong. The issue is that it enables
> tls1.2 but no signature algorithms.  Given that the fix in 3.3.15 is
> to enforce the algorithms set, the issue seen is justified. 

Thanks for the confirmation, I will submit a bug report against lynx.

cu Andreas
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
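
The condition named in the reply above (TLS 1.2 enabled, no signature algorithms) can be screened for before a priority string ships. The following is an added example, not part of the original thread and not GnuTLS code: `tls12_without_sigs` is a hypothetical helper built on a simplified model of the priority-string syntax that tracks only `VERS-*` and `SIGN-*` tokens, and the sample strings are constructed (the lynx string itself is not shown in this message).

```python
def tls12_without_sigs(priority):
    """Return True if the string leaves TLS 1.2 on with an empty signature set."""
    tokens = [t for t in priority.split(":") if t]
    if not tokens:
        return False
    # Assumption: any leading keyword other than NONE enables TLS 1.2 and a
    # default signature-algorithm set, as NORMAL does.
    defaults = tokens[0] != "NONE"
    tls12 = defaults
    sigs = {"<keyword defaults>"} if defaults else set()
    for tok in tokens[1:]:
        op, name = tok[0], tok[1:]
        if op not in "+-!":
            continue  # %OPTIONS and anything else are outside this model
        add = op == "+"
        if name == "SIGN-ALL":
            sigs = {"<all>"} if add else set()
        elif name.startswith("SIGN-"):
            if add:
                sigs.add(name)
            else:
                sigs.discard(name)
        elif name in ("VERS-TLS1.2", "VERS-TLS-ALL", "VERS-ALL"):
            tls12 = add
    return tls12 and not sigs


# Constructed sample strings, for illustration only.
SAMPLES = [
    "NORMAL",
    "NORMAL:-SIGN-ALL",
    "NORMAL:-SIGN-ALL:+SIGN-RSA-SHA256",
    "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:-SIGN-ALL",
    "NONE:+VERS-TLS1.2:+AES-128-CBC:+SHA1:+RSA:+COMP-NULL",
]

if __name__ == "__main__":
    for s in SAMPLES:
        verdict = "TLS 1.2 with no signature algorithms" if tls12_without_sigs(s) else "ok"
        print(f"{s}: {verdict}")
```

A string that removes individual default algorithms one by one is not flagged, because the model does not know what the keyword defaults contain.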
