[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] wget sets gnutls priority multiple times
|
From: |
Tim Ruehsen |
|
Subject: |
Re: [Bug-wget] wget sets gnutls priority multiple times |
|
Date: |
Tue, 20 Dec 2016 14:59:08 +0100 |
|
User-agent: |
KMail/5.2.3 (Linux/4.8.0-2-amd64; KDE/5.28.0; x86_64; ; ) |
On Tuesday, December 20, 2016 12:38:18 PM CET Nikos Mavrogiannopoulos wrote:
> On Tue, 2016-12-20 at 09:26 +0100, Tim Ruehsen wrote:
> > On Monday, December 19, 2016 4:09:08 PM CET Nikos Mavrogiannopoulos
> >
> > wrote:
> > > Hi,
> > > While debugging some issue in Fedora [0] I've realized that wget
> > > calls
> > > the gnutls priority functions multiple times, and that confuses
> > > gnutls
> > > on certain cases. In src/gnutls.c wget calls
> > > gnutls_set_default_priority (session) which sets the default cipher
> > > priorities according to the system policy. However, at the
> > > following
> > > lines it overwrites that policy in the switch
> > > (opt.secure_protocol).
> > >
> > > In particular, when no options are given it enters:
> > > ```
> > > case secure_protocol_auto:
> > > err = gnutls_priority_set_direct (session,
> > > "NORMAL:%COMPAT:-VERS-SSL3.0", NULL); ```
> > >
> > > That means that the default policy set above is overwritten. A
> > > possible
> > > fix is attached. That ensures that the priorities are set only once
> > > and
> > > that the default priorities are used when no options are specified
> > > (the
> > > latter is important for Fedora which ensures that
> > > gnutls_set_default_priority() sets a priority string according to
> > > the
> > > system-wide policies.
> > >
> > > The use of keyword %COMPAT is replaced by calling
> > > gnutls_session_enable_compatibility_mode().
> >
> > Thanks, Nikos.
> >
> > I like the idea of having a system wide TLS/security policy.
> >
> > But what happens when wget is build with an older version of GnuTLS
> > that
> > doesn't disable SSL3.0 by default ? Before your change, these people
> > where
> > 'save' from using SSL, with your change applied we introduce
> > insecurity by default.
>
> Note that disabling SSL3.0 wouldn't matter much for wget. That is, you
> do not do insecure fallbacks as browsers used to do, thus you would
> only negotiate SSL 3.0 if you share no other common protocol with the
> server (any attempt to influence that negotiation by an adversary will
> be caught during the TLS handshake).
Thanks for the patch and for restoring my memory.
I just pushed your commit.
Also, IMO people should *first* update their TLS backend and than look at the
application code.
Regards, Tim
signature.asc
Description: This is a digitally signed message part.