[gnutls-dev] Possible bug in GnuTLS AES/SHA1
simon at josefsson.org
Thu Dec 28 10:14:12 CET 2006
James Westby <jw+debian at jameswestby.net> writes:
> Marc Haber (on CC) the Debian Exim maintainer reported a bug against
> GnuTLS in Debian on behalf of users who were having trouble using their
> mobile phones with Exim using an SSL connection. You can read the full
> story here:
> Marc has been very helpful in trying to investigate what the cause of
> the bug is. We now know the following things:
> Linking Exim against OpenSSL works.
> The phones fail when run against gnutls-serv and its default options.
> Forcing SSL3.0 works, the phones don't support TLS1.2.
> Disallowing SHA1 means RC4 is negotiated, and works.
> There is no compression involved as the phones do not support it.
> I am not sure how to proceed now. Marc has provided plenty of debugging
> info, including dumps of debugging output from -serv, and he sent me
> privately tcpdumps of the transactions.
> Can you suggest any way for us to proceed? Do you have any more tools
> that can help us work out what is going on? Unfortunately there is
> nothing we can do from the phone end as we have no idea what is going on.
Hi! Interesting... it seems you have already done a fair bit of
debugging yourself. I couldn't see the protocol dumps or debug info
in the messages that I read (but I read only briefly), and those would
help me to debug it further. However, I think it will take quite some
time to study the logs and understand what is going on, but it is
difficult to prioritize that for me. I think someone who can
live-debug gnutls-serv against a phone is in the best position to
continue debugging this.
What GnuTLS version are you using? There was a version-negotiating
bug solved during 1.5.x (in 1.6.0), but I'm not sure it is relevant.
I assume you meant TLS1.1 and not TLS1.2 above? The phone supports
TLS1.0 and does not support TLS1.1 or TLS1.2, right?
I suggest trying to do more binary-searching between the features that
work and the features that do not work, to hopefully start to see a
pattern in it. Enabling and disabling specific features, which you've
started with, seems like a good move, but maybe you can go further.
Like trying to force AES/SHA1 ciphersuites with SSL3.0 (if that is
even possible..) or force RC4 with TLS1.0. Try to find out exactly
which configurations work and which do not; try all cipher suites.
Trying to configure both GnuTLS and OpenSSL to use as similar
parameters as possible, and then look at the protocol dumps to spot
differences would also help. GnuTLS might be doing something different
from OpenSSL that triggers the problem.