Bug#623001: libgnutls26: fails to handshake on a number of sites (firefox works)

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Apr 16 18:05:07 CEST 2011


On 04/16/2011 05:54 PM, Andreas Metzler wrote:

> thank you for taking the time to test the packages in experimental. I
> can reproduce the bug.
> 
> For clarification it is not caused by libgcrypt11 from experimental,
> libgnutls26 2.12.2-1 with stable libgcrypt11 also fails.  Attached
> verbose log is not a lot more enlightening.

d3nwyuy0nl342s.cloudfront.net seems to support only one ciphersuite.
That is ARCFOUR-128 with HMAC-MD5. I disabled HMAC-MD5 from the default
set in 2.12.0 because it is not really trusted as an HMAC any more.
If however this is widespread issue I'll reinstate HMAC-MD5 and
remove it when a real attack is known.

regards,
Nikos





More information about the Gnutls-devel mailing list