[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1]
From: |
Simon Josefsson |
Subject: |
Re: GnuTLS 2.2.4 - Security release [GNUTLS-SA-2008-1] |
Date: |
Mon, 19 May 2008 21:43:32 +0200 |
User-agent: |
Gnus/5.110009 (No Gnus v0.9) Emacs/22.2 (gnu/linux) |
Simon Josefsson <address@hidden> writes:
> I don't understand why the self-tests didn't catch something like this
> though.
I looked into this, and the reason is that the self tests uses TLS 1.1
and uses record padding. The incorrect debug message check was only
triggered for incoming packet shorter than the hash size plus the
blocksize, which can happen if the server sends a short message. If TLS
1.1 is used, an IV is always sent so the packet becomes longer, or if
padding is used, the packet typically also becomes longer.
My patch in the other message appears to be the right thing. I'll
release 2.2.5 with it.
/Simon