[gnutls-help] Question about POODLE tls1

Bryan Quigley bryan.quigley at canonical.com
Wed Nov 18 20:22:43 CET 2015


I've asked SSL Labs [1] to see if it could be a false positive and,
if not, whether there are more specific details.

Thanks and regards,
Bryan

[1] http://sourceforge.net/p/ssllabs/mailman/ssllabs-discuss/?viewmonth=201511&viewday=18

On Wed, Nov 18, 2015 at 4:07 AM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> On Tue, Nov 17, 2015 at 3:32 PM, Bryan Quigley
> <bryan.quigley at canonical.com> wrote:
>>>gnutls 2.12 has not been maintained for a long time. However, poodle is easily
>>>solvable by disabling SSL 3.0. There should be a configuration setting in
>>>the program that you use to achieve that.
>> That's what I assumed as well, but since Poodle was released it was
>> found to also affect some implementations of TLS.  This is a test
>> server [1] (using cups TLS) that has SSLv3 disabled but ssllabs has
>> determined TLS is affected by Poodle.  The best description of this
>> slightly different Poodle is available here[2].
>
> It may be that the test done by qualys does not reflect the
> description in [2]. GnuTLS 2.12.x does the padding correctly so either
> the test only checks for CBC ciphersuites and tags the server as
> broken, or the test is broken.
>
> regards,
> Nikos
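
Added example, not part of the thread and not GnuTLS code: what "does the padding correctly" means for a decrypted CBC record, with the lax SSL 3.0 rule beside the strict TLS rule. The function names, the 16-byte block, the 20-byte MAC length and the sample record are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* SSL 3.0 rule: only the final length byte is defined; the filler bytes
 * before it may hold anything, so a receiver cannot validate them. */
int ssl3_pad_ok(const uint8_t *rec, size_t len, size_t block, size_t mac_len)
{
    if (len == 0 || len % block != 0)
        return 0;
    size_t pad = rec[len - 1];
    return pad < block && pad + 1 + mac_len <= len;
}

/* TLS rule: all pad+1 trailing bytes must equal the padding length.
 * A receiver that skips this loop behaves like the SSL 3.0 check above.
 * Illustration only: production code must also do this in constant time. */
int tls_pad_ok(const uint8_t *rec, size_t len, size_t block, size_t mac_len)
{
    if (len == 0 || len % block != 0)
        return 0;
    size_t pad = rec[len - 1];
    if (pad + 1 + mac_len > len)
        return 0;
    uint8_t diff = 0;
    for (size_t i = 0; i <= pad; i++)
        diff |= rec[len - 1 - i] ^ (uint8_t)pad;
    return diff == 0;
}

/* Constructed sample: decrypted 32-byte record = 5 data bytes, 20-byte MAC
 * placeholder, 7 padding bytes of value 6. tamper != 0 alters one filler byte. */
void make_sample(uint8_t rec[32], int tamper)
{
    memset(rec, 0xAA, 25);
    memset(rec + 25, 6, 7);
    if (tamper)
        rec[27] ^= 0xFF;
}
```

A record with an altered filler byte passes the first check and fails the second, which is the difference a scanner has to probe for; seeing CBC ciphersuites offered does not establish it.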


