[gnutls-devel] GnuTLS | DTLS encrypt-then-mac interop issues (#139)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Jun 10 15:05:41 CEST 2019




ocserv on Fedora 30 seems to negotiate EtM with an OpenSSL 1.1.1 client, then the client doesn't like the Finished message.

I've worked around this with https://gitlab.com/openconnect/openconnect/commit/97cafd182f5a5c2d13f57d7faeac8432aea9bbf8 but as discussed on IRC earlier I think there's something wrong on the GnuTLS side.

I fixed OpenSSL thus: https://github.com/openssl/openssl/commit/e23d5071ec4c7aa6bb2b and my commit comment (which I have no reason to disbelieve) says that I tested with GnuTLS both with and without EtM at the time.

But today, running against ocserv on Fedora 30, it fails again.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/139#note_179626567