[Nix-dev] GnuTLS 2.10

Michael Raskin 7c6f434c at mail.ru
Mon Jul 12 12:36:01 CEST 2010 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/12/2010 01:16 PM, Ludovic Courtès wrote:
>> from Changelog. And GNU TLS upgrade does require upgrading some things
>> to fix interaction regressions (I can tell the details if you want, but
>> they are longer than 10 lines).
> 
> What problems did you encounter?
> 
> (I maintain several packages in Nixpkgs that use GnuTLS, and they all
> survived the upgrade AFAICS.)

Summary: GnuTLS implements TLS fine, but has problems with legacy SSL
servers; workarounds fail when TLS version set in GnuTLS changes.

The problems are not with building the packages - this passes OK. The
problem is not even when using the built programs with fresh
RFC-supporting TLS-prioritizing servers. The problem is with using some
client programs that use GnuTLS with servers implementing only SSL.

TLS is supposed to be backwards-compatible with SSL. As far as I
understand, some of the handshake-time weaknesses in SSL can be
exploited against TLS clients, too. GnuTLS by default implements TLS
handshake (even when SSL 3.0 is among allowed protocols) in a special
way (more secure against some attack and understood by any server that
can talk to standard TLS clients via TLS) and so nearly all SSL 3.0
servers that can be observed in the wild panic and break the connection.

It does have an option to behave in a more compatible way, but that mode
still scares away many servers.

So some clients that encounter SSL and rarely see TLS (for example,
libsoup) just disable all TLS protocols. It is done but telling GnuTLS
not to use TLS 1.0 and TLS 1.1. Of course, once TLS 1.2 is supported in
GnuTLS 2.10, there are bugs reported against libsoup, lftp and other
software that they cannot use SSL when linked against latest GnuTLS.
Then there are patches that additionally disable TLS 1.2. It is
unfortunate, as it decreases an incentive to fix servers - many clients
will not use TLS anyway; but there is little that can be done about that
from libsoup's point of view except migrating to NSS.

(I mention NSS and not OpenSSL because Fedora project seems to promote
optional NSS support in every cryptography-needing application with
standard needs - and Fedora sends patches for that upstream; they
haven't reached libsoup in their roadmap yet).

I didn't know that this GnuTLS minor version increase changes the set of
supported TLS versions, and so I looked for a problem in libsoup version
or WebKit update before I finally found the real solution (which is not
really a solution, but at least it works).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJMOvARAAoJEE6tnN0aWvw3bZQH/RdC8Rlzmo0Y4HGiBV/gCDmE
aVxFuCFH6OrrsFRW83FjxbLsB7L6YK/8ZwBriJYr8ysVXGw2HM8Eiwwb4AxrA6FJ
8nZaR00ywGZHf5v5Cc0rvYGFxgOrEWbeNeG/qCUVmBBYMsqPq7B9CpFGZNMBHZya
ZXpwE4EDMtzKhFZn7qAyF98xcnBHMPiqn7WIMHVYa2UecviBsvFPg2+ZkIXJpigA
QPwJDy/E4tvBellceyLSKms77P0YkFVazlL6JNyRfrw65I6g19tSPiRYaZp8cgs+
JdwtZvs7+NI0IlISXzm65PphElFr4teEFcIbq6qJW0Z6C78DrAwRIrFMXGxgp5Q=
=6Dvz
-----END PGP SIGNATURE-----

More information about the nix-dev mailing list