[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#10904: 24.0.93; Infinite loop in GnuTLS code during Gnus nnimap-init
bug#10904: 24.0.93; Infinite loop in GnuTLS code during Gnus nnimap-initiated SSL handshake
Tue, 10 Apr 2012 07:54:01 -0400
Gnus/5.130004 (Ma Gnus v0.4) Emacs/24.0.95 (gnu/linux)
On Mon, 09 Apr 2012 23:07:34 -0400 Thomas Fitzsimmons <address@hidden> wrote:
TF> I tried trunk against my IMAP server and the applied patch prevents the
TF> infinite loop. At the default gnutls-log-level, a connection attempt
TF> fails with:
TF> Warning: Opening nnimap server on <imap_server_hostname>...failed: ; Unable
to open server nnimap+<imap_server_hostname> due to: GnuTLS error: #<process
TF> gnutls.c:  (Emacs) fatal error: The specified session has been
invalidated for some reason.
TF> A nice improvement would be to detect when the server uses a ciphersuite
TF> that GnuTLS's default priority list ("NORMAL") rejects, warn the user,
TF> and ask if they want to retry with a more permissive list
TF> ("PERFORMANCE"). But that's a separate enhancement -- for now your
TF> patch fixes the infinite loop and setting gnutls-algorithm-priority to
TF> "performance" works around the server's weak ciphersuite.
I plan to follow Nikos' advice here:
so we'll drop from NORMAL to PERFORMANCE, basically, if the user
approves. After the 24.1 release I'll look at this.