bug#25061: consider adding %COMPAT to default gnutls priority string
From: Ted Zlatanov
Subject: bug#25061: consider adding %COMPAT to default gnutls priority string
Date: Mon, 11 Dec 2017 10:03:42 -0500
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

On Sun, 10 Dec 2017 16:12:20 +0200 Eli Zaretskii <eliz@gnu.org> wrote:
>> From: Ted Zlatanov <tzz@lifelogs.com>
>> Cc: wingo@igalia.com, 25061@debbugs.gnu.org, ludo@gnu.org,
>> michael.albinus@gmx.de, larsi@gnus.org
>> Date: Sun, 10 Dec 2017 08:29:27 -0500
>>
>> It would change behavior for everyone for the sake of fixing a few
>> setups. Does %DUMBFW or %COMPAT create a risk that's not justified by
>> the functionality it provides? These exceptions have a way of living
>> long past their expiration date.
>>
>> If we're confident that's the right thing, then let's change it in the
>> release and add a note in the docs. I'm OK with the change; any other
>> comments? What should be the actual string?
EZ> You mean, should we use %COMPAT or %DUMBFW? I think the latter. But
EZ> if no one can reproduce the problem and verify the fix, I think we
EZ> should simply describe the problem in PROBLEMS and leave the code
EZ> intact.

The GnuTLS docs say it "will add a private extension with bogus data
that make the client hello exceed 512 bytes. This avoids a black hole
behavior in some firewalls. This is the [RFC7685] client hello padding
extension, also enabled with %COMPAT."

https://gnutls.org/manual/html_node/Priority-Strings.html

To me this appears benign and without downsides.

Can anyone knowledgeable comment on any possible downsides to this? I'll
wait 3 days for objections, then make the change in emacs-26.

Thanks
Ted