[2.10.1] segfault at gnutls_record.c:58

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Aug 19 03:22:12 CEST 2010


On 08/18/2010 09:50 PM, Yclept Nemo wrote:
> Hi,

> While the patch also resolves the segfaults I reported when using a
> customized GnuTLSPriorities list, it seems to break any communication
> with the browser:
> GnuTLS: Handshake Failed (-8) 'A record packet with illegal version
> was received.'
> Invalid method in request \x10
> "\x10" 501 521 "-" "-"
> (GnuTLSPriorities
> NONE:+CAMELLIA-256-CBC:+AES-256-CBC:+DHE-RSA:+SHA1:+COMP-NULL:+COMP-DEFLATE:+VERS-TLS1.1:+VERS-SSL3.0)

Note that your priority string is wrong. TLS1.0 is missing from this
string, thus any fallback from TLS1.1 will be to TLS1.0, which is not
supported, and thus the handshake will fail. I'd suggest using one of
the preconfigured priority strings.

> Also, I'm not sure if this is related to changes from the patch, but
> firefox (same version as above) is telling me:
> ": server does not support RFC 5746, see CVE-2009-3555"

By default it is configured to be in %PARTIAL_RENEGOTIATION mode for
maximum compatibility. This will allow non-RFC5746 compliant clients to
connect. In %SAFE_RENEGOTIATION mode non-compliant clients will fail to
connect.

> One question, does 0.5.8 incorporate patch3.txt?

Indeed.

regards,
Nikos
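
An added example, not part of the original message or of GnuTLS: a small Python lint that parses a NONE-based priority string and reports protocol versions missing between the lowest and highest enabled ones, the situation described above for TLS1.0. The function names and the version ordering table are assumptions of this example, and keyword sets such as NORMAL are not modelled.

```python
# Added example: lint a GnuTLS priority string for gaps in the enabled
# protocol versions. Only strings that start from NONE are modelled;
# keyword sets such as NORMAL expand inside GnuTLS and are not handled here.

# Protocol versions, oldest first (assumed table for this example).
VERSION_ORDER = ["SSL3.0", "TLS1.0", "TLS1.1", "TLS1.2"]


def enabled_versions(priority):
    """Return the set of versions a NONE-based priority string enables."""
    tokens = [t for t in priority.split(":") if t]
    if not tokens or tokens[0] != "NONE":
        raise ValueError("only priority strings starting with NONE are modelled")
    enabled = set()
    for token in tokens[1:]:
        sign, name = token[0], token[1:]
        if not name.startswith("VERS-"):
            continue  # ciphers, key exchange, MACs, compression, %options
        version = name[len("VERS-"):]
        if version not in VERSION_ORDER:
            raise ValueError("unknown protocol version: " + version)
        if sign == "+":
            enabled.add(version)
        elif sign in "-!":
            enabled.discard(version)
    return enabled


def version_gaps(priority):
    """Versions that are disabled but lie between two enabled versions."""
    enabled = enabled_versions(priority)
    if not enabled:
        return []
    idx = [VERSION_ORDER.index(v) for v in enabled]
    lo, hi = min(idx), max(idx)
    return [v for v in VERSION_ORDER[lo:hi + 1] if v not in enabled]


if __name__ == "__main__":
    # The priority string quoted in the message above.
    reported = ("NONE:+CAMELLIA-256-CBC:+AES-256-CBC:+DHE-RSA:+SHA1:+COMP-NULL:"
                "+COMP-DEFLATE:+VERS-TLS1.1:+VERS-SSL3.0")
    print("gaps:", version_gaps(reported))
    fixed = reported + ":+VERS-TLS1.0"  # constructed correction
    print("gaps:", version_gaps(fixed))
```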



