[Nix-dev] GnuTLS 2.10

Ludovic Courtès ludo at gnu.org
Mon Jul 12 13:55:53 CEST 2010 

Hi Michael,

Michael Raskin <7c6f434c at mail.ru> writes:

> On 07/12/2010 01:16 PM, Ludovic Courtès wrote:
>>> from Changelog. And GNU TLS upgrade does require upgrading some things
>>> to fix interaction regressions (I can tell the details if you want, but
>>> they are longer than 10 lines).
>>
>> What problems did you encounter?
>>
>> (I maintain several packages in Nixpkgs that use GnuTLS, and they all
>> survived the upgrade AFAICS.)
>
> Summary: GnuTLS implements TLS fine, but has problems with legacy SSL
> servers; workarounds fail when TLS version set in GnuTLS changes.
>
> The problems are not with building the packages - this passes OK. The
> problem is not even when using the built programs with fresh
> RFC-supporting TLS-prioritizing servers. The problem is with using some
> client programs that use GnuTLS with servers implementing only SSL.
>
> TLS is supposed to be backwards-compatible with SSL. As far as I
> understand, some of the handshake-time weaknesses in SSL can be
> exploited against TLS clients, too. GnuTLS by default implements TLS
> handshake (even when SSL 3.0 is among allowed protocols) in a special
> way (more secure against some attack and understood by any server that
> can talk to standard TLS clients via TLS) and so nearly all SSL 3.0
> servers that can be observed in the wild panic and break the connection.

OK, thanks for the explanation.

Clients or servers can restrict the set of supported protocols with
‘gnutls_protocol_set_priority’.  So they could give SSL 3.0 higher
priority than other protocols, or something like that.

Now, it seems weird that TLS handshake is used even when SSL 3.0 is
asked.  Did you raise the issue on bug-gnutls at gnu.org?

[...]

> So some clients that encounter SSL and rarely see TLS (for example,
> libsoup) just disable all TLS protocols. It is done but telling GnuTLS
> not to use TLS 1.0 and TLS 1.1. Of course, once TLS 1.2 is supported in
> GnuTLS 2.10, there are bugs reported against libsoup, lftp and other
> software that they cannot use SSL when linked against latest GnuTLS.
> Then there are patches that additionally disable TLS 1.2. It is
> unfortunate, as it decreases an incentive to fix servers

Agreed.

I don’t work on GnuTLS these days so I’d suggest discussing this on
bug-gnutls at gnu.org.

Thanks,
Ludo’.

More information about the nix-dev mailing list