FYI, the upcoming GnuTLS 2.1.7 have a new API where applications can
provide a string to gnutls to set protocol priorities, and it can be
used to disable padding. An application could call:
gnutls_priority_set_direct (session, "NORMAL:%COMPAT", NULL, 0);
Instead of calling gnutls_set_default_pri
OpenSSL does not support random padding. They handle TLS 1.0 padding exactly
as SSL 3.0, thus this issue does not occur there. I believe that random padding
is important feature that avoids statistical attacks on the data, so
it's enabled by default
in gnutls.
On 11/5/07, Simon Josefsson <[EMAIL
Nikos wrote:
> Ok it seems that with the help of Hanno Wagner I managed to debug this issue.
> These clients fail to understand TLS 1.0 record packets with a padding added.
> This only occurs when using non stream ciphers (i.e. not arcfour) and does
> not occur when using SSL 3.0 which does not
3 matches
Mail list logo
