[gnutls-help] Question about POODLE tls1

Nikos Mavrogiannopoulos nmav at gnutls.org
Wed Nov 18 10:07:32 CET 2015


On Tue, Nov 17, 2015 at 3:32 PM, Bryan Quigley
<bryan.quigley at canonical.com> wrote:
>>gnutls 2.12 is not maintained since long time. However, poodle is easily
>>solvable by disabling SSL 3.0. There should be a configuration setting in
>>the program that you use to achieve that.
> That's what I assumed as well, but since Poodle was released it was
> found to also affect some implementations of TLS.  This is a test
> server [1] (using cups TLS) that has SSLv3 disabled but ssllabs has
> determined TLS is affected by Poodle.  The best description of this
> slightly different Poodle is available here[2].

It may be that the test done by qualys does not reflect the
description in [2]. GnuTLS 2.12.x does the padding correctly so either
the tests only checks for CBC ciphersuites and tag the server as
broken, or the test is broken.

regards,
Nikos



More information about the Gnutls-help mailing list