Bug#623001: libgnutls26: fails to handshake on a number of sites (firefox works)
Simon Josefsson
simon at josefsson.org
Sun Apr 17 09:45:43 CEST 2011
Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> On 04/16/2011 05:54 PM, Andreas Metzler wrote:
>
>> thank you for taking the time to test the packages in experimental. I
>> can reproduce the bug.
>>
>> For clarification it is not caused by libgcrypt11 from experimental,
>> libgnutls26 2.12.2-1 with stable libgcrypt11 also fails. Attached
>> verbose log is not a lot more enlightening.
>
> d3nwyuy0nl342s.cloudfront.net seems to support only one ciphersuite.
> That is ARCFOUR-128 with HMAC-MD5. I disabled HMAC-MD5 from the default
> set in 2.12.0 because it is not really trusted as an HMAC any more.
> If however this is widespread issue I'll reinstate HMAC-MD5 and
> remove it when a real attack is known.
I thought there weren't any attacks on HMAC-MD5, have I missed anything?
/Simon
More information about the Gnutls-devel
mailing list