Re: MAC padding (Debian Bug #390712)

[Andreas Metzler]

On 2008-01-03 Marc Haber <address@hidden> wrote:
[...]
> Debian Bug #390712, http://bugs.debian.org/390712
> =================================================
> Simon writes:
> >  Appears to be triggered by GnuTLS implementing MAC padding to solve a
> >  security problem in TLS. OpenSSL reportedly does not implement the
> >  same work around, and would thus appear to be vulnerable to that
> >  problem.
> >  Conclusion: Appears to be a ???wontfix??? bug. Personally, I think GnuTLS
> >  could provide a simpler mechanism to disable MAC padding if
> >  applications deem this necessary. Someone could double check how
> >  important the MAC padding security concern is.

> I disagree about the "wontfix" bug. We have an interoperability issue
> here, where the end user notices "things work when I use OpenSSL or do
> not use TLS at all, only GnuTLS breaks". In the result, the end user
> will use OpenSSL or no TLS at all, which reduces GnuTLS user base and
> cryptography coverage.

> I would like to see a mechanism to disable MAC padding if it is really
> the culprit here.

Hello,

AFAIUI that has been done on the gnutls side of things:
------------------------------
* Version 2.0.3 (released 2007-11-10)

** Added gnutls_record_disable_padding() to allow servers talking to
buggy clients that complain if the TLS 1.0 record protocol padding is
used.

** Introduced gnutls_session_enable_compatibility_mode() to allow
enabling all supported compatibility options (like disabling padding).
------------------------------

thanks, cu andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'