From nmav at gnutls.org Mon Oct 13 13:33:24 2014 From: nmav at gnutls.org (Nikos Mavrogiannopoulos) Date: Mon, 13 Oct 2014 13:33:24 +0200 Subject: [mod_gnutls-devel] CFP: Security Devroom @ FOSDEM'15 Message-ID: CFP: Security Devroom @ FOSDEM'15 AKA "Hardware and Software isolation mechanisms" Next FOSDEM [1] will, again, have a security devroom, this time on the topic of "Hardware and Software isolation mechanisms". We'd like to invite submissions of talks and presentations from developers, security researchers and other interested representatives of open source and free software and hardware projects. This is the call for talks and presentations that will take place in the Security devroom at FOSDEM 2015. Our topic this year: As complex software tends to have bugs, methods to contain the damage from a potentially serious bug (e.g., code injection, leak of memory contents) are required. While such methods have been known and available for a long time (HSMs and smart cards, privilege separation), it is surprising that an attack like heartbleed required the revocation of the private keys of a large part of the Internet. For that reason Hardware and Software isolation mechanisms that could mitigate such attacks, are again on the line, and the main theme of this devroom. For up-to-date submission and event information: https://github.com/security-devroom/fosdem-2015 The security devroom will be held on Sunday 1st of February 2015 in Brussels, Belgium at ULB room S.AW1.120 from 09:00 to 17:00. I kindly ask you to forward this announcement to any relevant FOSS project mailing list. [1] https://fosdem.org/2015/ [2] https://github.com/security-devroom/fosdem-2015 From pu at uni-konstanz.de Fri Oct 31 23:59:55 2014 From: pu at uni-konstanz.de (Peter Ulber) Date: Fri, 31 Oct 2014 23:59:55 +0100 Subject: [mod_gnutls-devel] Does mod-gnutls supports GCM mode? Message-ID: <1414796395.4796.15.camel@sal9000.rz.uni-konstanz.de> Hi, I tried hard to find suitable priority strings for my web server, using - debian wheezy 7.6 - apache 2.2.22 - gnutls 3.3.7 - mod-gnutls 0.5.10 For TLS 1.2 I wanted to use GCM instead of CBC, but it seems that mod-gnutls doesn't support that. It would be nice having it :) Additionally it's hard to find out what priority strings are actually supported. I looked it up here: http://www.outoforder.cc/projects/apache/mod_gnutls/docs/#GnuTLSPriorities http://gnutls.org/manual/html_node/Priority-Strings.html It was a bit annoying because what mod-gnutls actually supports is something in between, which I had to find out by trial and error. So I ended up with GnuTLSPriorities NONE:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0: +AES-256-CBC:+CAMELLIA-256-CBC:+DHE-RSA:+SHA256:+SHA1:+SIGN-RSA-SHA256: +COMP-NULL which have given me the following results at SSL Labs https://www.ssllabs.com/ssltest/analyze.html?d=mirror.uni-konstanz.de So, to avoid e.g. padding attacks the GCM mode would be nice. Any plans? Regards, Peter -- Peter Ulber ----- KIM IT Services at the University Konstanz V404 (phone: +49 7531882622) - Mail/XMPP: pu at uni-konstanz.de https://www.rz.uni-konstanz.de/rechenzentrum/team/peterulber S/MIME Fingerprint: E1353193E1BD5ED2F34759168686ABAEFF1F7B9D -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6192 bytes Desc: not available URL: