bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#10904: 24.0.93; Infinite loop in GnuTLS code during Gnus nnimap-init

From: Ted Zlatanov
Subject: bug#10904: 24.0.93; Infinite loop in GnuTLS code during Gnus nnimap-initiated SSL handshake
Date: Tue, 10 Apr 2012 07:54:01 -0400
User-agent: Gnus/5.130004 (Ma Gnus v0.4) Emacs/24.0.95 (gnu/linux) 
On Mon, 09 Apr 2012 23:07:34 -0400 Thomas Fitzsimmons <fitzsim@fitzsim.org> 
wrote: 

TF> I tried trunk against my IMAP server and the applied patch prevents the
TF> infinite loop.  At the default gnutls-log-level, a connection attempt
TF> fails with:

TF> Warning: Opening nnimap server on <imap_server_hostname>...failed: ; Unable 
to open server nnimap+<imap_server_hostname> due to: GnuTLS error: #<process 
*nnimap*>, -9
TF> gnutls.c: [0] (Emacs) fatal error: The specified session has been 
invalidated for some reason.

Wonderful.

TF> A nice improvement would be to detect when the server uses a ciphersuite
TF> that GnuTLS's default priority list ("NORMAL") rejects, warn the user,
TF> and ask if they want to retry with a more permissive list
TF> ("PERFORMANCE").  But that's a separate enhancement -- for now your
TF> patch fixes the infinite loop and setting gnutls-algorithm-priority to
TF> "performance" works around the server's weak ciphersuite.

I plan to follow Nikos' advice here:

http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6017

so we'll drop from NORMAL to PERFORMANCE, basically, if the user
approves.  After the 24.1 release I'll look at this.

Ted
reply via email to
[Prev in Thread] Current Thread [Next in Thread]