[gnutls-dev] Possible bug in GnuTLS AES/SHA1
Simon Josefsson
simon at josefsson.org
Tue Jan 9 08:47:19 CET 2007
James Westby <jw+debian at jameswestby.net> writes:
> On (28/12/06 10:14), Simon Josefsson wrote:
>> James Westby <jw+debian at jameswestby.net> writes:
>> Hi! Interesting... it seems you have already done a fair bit of
>> debugging yourself. I couldn't see the protocol dumps or debug info
>> in the messages that I read (but I read only briefly), and those would
>> help me to debug it further.
>
> Sorry, I should have included a pointer to
>
> http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/2006-December/000338.html
>
> I have the tcpdumps in a private mail that I could forward to you if
> required.
Please send them to me, I might get a chance to a have a look.
>> Trying to configure both GnuTLS and OpenSSL to use as similar
>> parameters as possible, and then look at the protocol dumps to spot
>> difference would also help. GnuTLS might be doing something different
>> from OpenSSL that triggers the problem.
>
> I haven't suggested this. Marc did ask for advice on how to get openssl
> to act like -serv, but I didn't know and haven't looked it up yet.
Try:
openssl s_server ...
> On a slightly different note, -serv is an excellent tool, and has been
> very useful. Marc did have one problem with it though. As the first
> message of SMTP is sent by the server the echo mode didn't work. He
> asked if it would be possible to have a -cli like mode where the user
> can type to simulate the protocol they are testing. Would this be
> possible? Would you like me to open another thread on this topic or
> something?
Ah, I see. One problem with the -cli tool is that it needs to
select() on both keyboard input and network streams, something which
doesn't work reliably under Windows. gnutls-serv doesn't (yet) have
that problem, since it doesn't read from keyboards. I realize this is
not a good reason not to support such a mode, though... Having an
--interactive parameter for -serv that would read from keyboard input
would be OK, and if you want to work on it, that would be great. I'm
afraid I don't have time to implement this myself without any funding
though.
/Simon
More information about the Gnutls-devel
mailing list