[gnutls-dev] SRP compatibility problem between different GnuTLS version
yoann at prelude-ids.org
Tue Jan 23 10:27:28 CET 2007
It appear there are compatibility issues with SRP between different
GnuTLS version. As an example, peers using GnuTLS-1.4.0 are not able to
proceed authentication with peers using GnuTLS-1.4.5: the handshake
terminate with a "GnuTLS internal error".
I suspect this is due to the following change in GnuTLS-1.4.2:
** Change SRP and Cert-Type extensions to match IANA registry.
The problem is that this randomly break things for the end-user although
there are other authentication method usable (the client/server we are
using both support SRP and Anonymous authentication, which are supposed
to be negotiated when the communication start).
In this specific case, I would expect GnuTLS to use another
authentication method, if any, rather than failing.
My question is whether such breakage are predictable, and whether a
change in the application code might permit us to revert to another
authentication method in case it happen.
Yoann Vandoorselaere <yoann at prelude-ids.org>
More information about the Gnutls-devel