[gnutls-devel] GnuTLS | gnutls_session_t unsafe to use from multiple threads due to TLS 1.3 rekeying (#1717)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Sat Jul 19 00:20:51 CEST 2025
Daiki Ueno commented: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2636736894
I took a closer look at it and now suspect a logic error in the current key update code, not related to threading. The "decryption failed" errors indicate that the receiver of the message doesn't have the correct decryption key yet, and this is the case when the peer sends a data encrypted with an old key, while the receiving key is already updated. I tried to rework the logic to be more in line with the RFC (!1990), and it seems to fix the errors in the reproducer.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1717#note_2636736894
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20250718/948674f1/attachment.html>
More information about the Gnutls-devel
mailing list