[gnutls-dev] Possible bug in GnuTLS AES/SHA1

Simon Josefsson simon at josefsson.org
Tue Jan 9 08:47:19 CET 2007


James Westby <jw+debian at jameswestby.net> writes:

> On (28/12/06 10:14), Simon Josefsson wrote:
>> James Westby <jw+debian at jameswestby.net> writes:
>> Hi!  Interesting...  it seems you have already done a fair bit of
>> debugging yourself.  I couldn't see the protocol dumps or debug info
>> in the messages that I read (but I read only briefly), and those would
>> help me to debug it further.
>
> Sorry, I should have included a pointer to 
>
> http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/2006-December/000338.html
>
> I have the tcpdumps in a private mail that I could forward to you if
> required.

Please send them to me, I might get a chance to a have a look.

>> Trying to configure both GnuTLS and OpenSSL to use as similar
>> parameters as possible, and then look at the protocol dumps to spot
>> difference would also help.  GnuTLS might be doing something different
>> from OpenSSL that triggers the problem.
>
> I haven't suggested this. Marc did ask for advice on how to get openssl
> to act like -serv, but I didn't know and haven't looked it up yet.

Try:

openssl s_server ...

> On a slightly different note, -serv is an excellent tool, and has been
> very useful. Marc did have one problem with it though. As the first
> message of SMTP is sent by the server the echo mode didn't work. He
> asked if it would be possible to have a -cli like mode where the user
> can type to simulate the protocol they are testing. Would this be
> possible? Would you like me to open another thread on this topic or
> something?

Ah, I see.  One problem with the -cli tool is that it needs to
select() on both keyboard input and network streams, something which
doesn't work reliably under Windows.  gnutls-serv doesn't (yet) have
that problem, since it doesn't read from keyboards.  I realize this is
not a good reason not to support such a mode, though...  Having an
--interactive parameter for -serv that would read from keyboard input
would be OK, and if you want to work on it, that would be great.  I'm
afraid I don't have time to implement this myself without any funding
though.

/Simon




More information about the Gnutls-devel mailing list