bug#25061: consider adding %COMPAT to default gnutls priority string

From: Ted Zlatanov
Subject: bug#25061: consider adding %COMPAT to default gnutls priority string
Date: Mon, 11 Dec 2017 10:03:42 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

On Sun, 10 Dec 2017 16:12:20 +0200 Eli Zaretskii <address@hidden> wrote: 

>> From: Ted Zlatanov <address@hidden>
>> Cc: address@hidden,  address@hidden,  address@hidden,  address@hidden,  
>> address@hidden
>> Date: Sun, 10 Dec 2017 08:29:27 -0500
>> It would change behavior for everyone for the sake of fixing a few
>> setups. Does %DUMBFW or %COMPAT create a risk that's not justified by
>> the functionality it provides? These exceptions have a way of living
>> long past their expiration date.
>> If we're confident that's the right thing, then let's change it in the
>> release and add a note in the docs. I'm OK with the change; any other
>> comments? What should be the actual string?

EZ> You mean, should we use %COMPAT or %DUMBFW?  I think the latter.  But
EZ> if no one can reproduce the problem and verify the fix, I think we
EZ> should simply describe the problem in PROBLEMS and leave the code
EZ> intact.

The GnuTLS docs say it "will add a private extension with bogus data
that make the client hello exceed 512 bytes. This avoids a black hole
behavior in some firewalls. This is the [RFC7685] client hello padding
extension, also enabled with %COMPAT." 

To me this appears benign and without downsides.

Can anyone knowledgeable comment on any possible downsides to this? I'll
wait 3 days for objections, then make the change in emacs-26.
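
The padding behaviour the quoted GnuTLS text describes, as an added example (not part of the message above, and not GnuTLS or Emacs code): it appends a zero-filled RFC 7685 padding extension (type 21) to a ClientHello handshake message shorter than 512 bytes. The helper names, the sample ClientHello, and the exact policy of padding the handshake message to 512 bytes are assumptions made for illustration.

```python
import struct

PADDING_EXT = 21   # RFC 7685 "padding" extension type
TARGET = 512       # assumed threshold, from the GnuTLS text quoted above

def sample_client_hello(extensions: bytes = b"") -> bytes:
    """Constructed TLS 1.2 ClientHello handshake message (sample input only)."""
    body = b"\x03\x03" + bytes(32) + b"\x00"        # version, random, empty session_id
    body += b"\x00\x02\xc0\x2f" + b"\x01\x00"       # one cipher suite, null compression
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    return b"\x01" + len(body).to_bytes(3, "big") + body

def split_extensions(hello: bytes):
    """Return (fixed fields after the handshake header, raw extensions)."""
    if hello[0] != 1 or int.from_bytes(hello[1:4], "big") != len(hello) - 4:
        raise ValueError("not a complete ClientHello handshake message")
    pos = 4 + 2 + 32                                     # header, version, random
    pos += 1 + hello[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]   # cipher_suites
    pos += 1 + hello[pos]                                # compression_methods
    exts = hello[pos + 2:] if pos < len(hello) else b""  # block may be absent
    if pos < len(hello) and struct.unpack_from("!H", hello, pos)[0] != len(exts):
        raise ValueError("extensions length mismatch")
    return hello[4:pos], exts

def pad_client_hello(hello: bytes, target: int = TARGET) -> bytes:
    """Append a zero-filled padding extension so the message reaches `target` bytes."""
    if len(hello) >= target:
        return hello                                     # already large enough
    fixed, exts = split_extensions(hello)
    unpadded = 4 + len(fixed) + 2 + len(exts)            # size with an extensions block
    pad_len = max(0, target - unpadded - 4)              # 4 = extension type + length
    exts += struct.pack("!HH", PADDING_EXT, pad_len) + bytes(pad_len)
    body = fixed + struct.pack("!H", len(exts)) + exts
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

A hello that is within four bytes of the target still gets an empty padding extension, so the result can overshoot 512 by up to three bytes.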

