[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MH
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD |
Date: |
Mon, 23 Jan 2012 23:05:43 +0100 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111114 Icedove/3.1.16 |
On 01/23/2012 10:18 PM, Daniel Stenberg wrote:
> On Mon, 23 Jan 2012, Daniel Stenberg wrote:
>
>> We only had a total of 210 commits in curl between 7.22.0 and 7.23.0
>> so bisecting shouldn't be too time consuming if the procedure to get
>> the bug to appear isn't too slow.
>
> Ok, so my bisecting identified the attached commit as the offender. If I
> revert this change the libmicrohttpd test seems to run correctly again.
>
> I would appreciate if someone else helped me verify this.
It doesn't look right. I'd change "-VERS-TLS-ALL:+VERS-SSL3.0" with
"NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0".
However your priority string seem quite radical. You only allow SSL 3.0.
If you care about interoperability I'd suggest a string similar to
http://www.gnu.org/software/gnutls/manual/html_node/Interoperability.html
but even then you have issues like being vulnerable to the "beast" attack.
regards,
Nikos
btw. gnutls 3.0.12 added a check for gnutls_priority_set_direct() to
fail if given a string that adds no actual priorities (like the above).
- [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Christian Grothoff, 2012/01/19
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Simon Josefsson, 2012/01/19
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Nikos Mavrogiannopoulos, 2012/01/19
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Piotr Grzybowski, 2012/01/20
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Piotr Grzybowski, 2012/01/20
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Daniel Stenberg, 2012/01/20
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Christian Grothoff, 2012/01/23
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Daniel Stenberg, 2012/01/23
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Daniel Stenberg, 2012/01/23
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD,
Nikos Mavrogiannopoulos <=
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Daniel Stenberg, 2012/01/23
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Nikos Mavrogiannopoulos, 2012/01/23
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Nikos Mavrogiannopoulos, 2012/01/23
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Daniel Stenberg, 2012/01/23
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Nikos Mavrogiannopoulos, 2012/01/23
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Daniel Stenberg, 2012/01/24
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Daniel Stenberg, 2012/01/23
- Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD, Christian Grothoff, 2012/01/23