[gnutls-devel] status on encrypt-then-mac (RFC7366)

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Oct 24 15:42:29 CEST 2014

 I've implemented the encrypt-then-mac RFC in a special branch [0],
but I've realized that the existing deployed servers on the internet
that were advertized in [1] do not actually follow the protocol
described in the document. This was also noticed by the NSS people in
[2],  so I'm indefinitely postponing the merge of that TLS extension
to gnutls 3.4, until there no issues with interoperability.


[0]. https://www.gitorious.org/gnutls/gnutls/commit/cfc5cb2032a61566599b91f3b2ed5a182216ae24
[1]. http://www.ietf.org/mail-archive/web/tls/current/msg12664.html
[2]. https://bugzilla.mozilla.org/show_bug.cgi?id=972145

More information about the Gnutls-devel mailing list