[Pkg-gnutls-maint] Multiple GnuTLS issues with exim4

Marc Haber mh+pkg-gnutls-maint at zugschlus.de
Fri Jul 7 13:21:28 UTC 2006


On Mon, Jun 26, 2006 at 11:50:40PM +0100, James Westby wrote:
> On (22/06/06 06:49), Marc Haber wrote:
> > Hi,
> > The list of exim bugs that might be connected to gnutls are usertagged
> > gnutls
> 
> This seems like a good system for bugs you are not sure about, perhaps
> if you cc this list as you tag it we can consider it as well.

I'll do that in the future.

> > The most annoying bugs are GnuTLS taking way too much entropy on
> > initialization of an SSL session which is a source of constant grief
> > on headless systems, 
> 
> This has been discussed much upstream, but without much of a solution to
> the general problem being found.

Having this issue not solved in many months is a big disappointment.

> Hopefully the amount of entropy used
> could be decreased, which would help a lot.

OpenSSL proves that it is possible. I suspect that they use "real"
entropy to seed a PRNG and pull their randomness from there. Doing so
in GnuTLS might decrease entropy consumption by at least one order of
magnitude.

> I'm not sure what we can do to help you here without movement upstream.

Your only chance is probably to continue pestering upstream.

> > and strange misbehavior when both ldaps and smtp
> > over ssl are in use. The latter issue seems to show when both the LDAP
> > library and exim are linked to the same libgnutls.
> 
> I saw that this has now been closed, as it seems it is unreproducible
> with gnutls later than 11. Hopefully we've seen the end of it.

I hope so as well.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835


