Bug#390712: gnutls

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon Nov 5 16:58:57 UTC 2007


OpenSSL does not support random padding. They handle TLS 1.0 padding exactly
as SSL 3.0, thus this issue does not occur there. I believe that random padding
is an important feature that avoids statistical attacks on the data, so
it's enabled by default in gnutls.

On 11/5/07, Simon Josefsson <simon at josefsson.org> wrote:
> Nikos wrote:
>
> > Ok it seems that with the help of Hanno Wagner I managed to debug this issue.
> > These clients fail to understand TLS 1.0 record packets with a padding added.
> > This only occurs when using non stream ciphers (i.e. not arcfour) and does
> > not occur when using SSL 3.0 which does not allow such padding. So one point
> > is for users of these devices to report that as a bug.
> >
> > However a fix in gnutls is not easy to do. If we disable the random padding in
> > TLS 1.0 we do disable a nice feature of TLS that protects against statistical
> > attacks. Thus I'd be against such a fix.
>
> Why doesn't this problem happen with OpenSSL?  Does it MAC padding under
> some circumstances?  Could GnuTLS do the same?
>
> /Simon
>
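
The padding difference discussed in this thread, as an added example that is not part of the original messages or of GnuTLS: a TLS 1.0 CBC record may carry up to 255 bytes of padding, each equal to the padding length, while SSL 3.0 limits padding to one cipher block. The 16-byte block size, the function names and the receiver that keeps the SSL 3.0 limit are assumptions made for illustration; the thread does not say how the failing clients actually parse records.

```python
BLOCK = 16  # assumed block size (AES-CBC); 3DES-CBC would use 8

def tls10_padding(data_len, extra_blocks=0):
    """Padding for a TLS 1.0 CBC record whose content+MAC is data_len bytes.

    The padding is pad_len + 1 bytes, every one equal to pad_len, and may be
    longer than necessary (up to pad_len = 255). extra_blocks > 0 models the
    random padding discussed in the thread."""
    pad_len = (-(data_len + 1)) % BLOCK + extra_blocks * BLOCK
    if pad_len > 255:
        raise ValueError("pad_len must fit in one byte")
    return bytes([pad_len]) * (pad_len + 1)

def strip_tls10(record):
    """Receiver following the TLS 1.0 rule: any pad_len, all bytes must match.
    Format illustration only: operates on decrypted plaintext, skips the MAC
    check and is not constant-time."""
    pad_len = record[-1]
    total = pad_len + 1
    if total > len(record) or record[-total:] != bytes([pad_len]) * total:
        raise ValueError("bad padding")
    return record[:-total]

def strip_ssl3_limit(record):
    """Hypothetical receiver that keeps the SSL 3.0 limit: the padding,
    including its length byte, may not exceed one cipher block."""
    if record[-1] + 1 > BLOCK:
        raise ValueError("padding longer than one block")
    return strip_tls10(record)

def demo():
    data = b"D" * 17 + b"M" * 20  # constructed content + 20-byte MAC placeholder
    results = {}
    for name, extra in (("minimal", 0), ("random", 3)):
        record = data + tls10_padding(len(data), extra)
        ok_tls = strip_tls10(record) == data
        try:
            ok_ssl3 = strip_ssl3_limit(record) == data
        except ValueError:
            ok_ssl3 = False
        results[name] = (len(record), ok_tls, ok_ssl3)
    return results

if __name__ == "__main__":
    print(demo())
```

The record lengths in the output also show what the extra padding hides: the same 37 bytes of content and MAC can appear on the wire as 48 or 96 bytes.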




