[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bug#623001: libgnutls26: fails to handshake on a number of sites (fi
|
From: |
Gustavo Noronha Silva |
|
Subject: |
Re: Bug#623001: libgnutls26: fails to handshake on a number of sites (firefox works) |
|
Date: |
Sat, 16 Apr 2011 17:19:32 -0300 |
On Sat, 2011-04-16 at 18:05 +0200, Nikos Mavrogiannopoulos wrote:
> On 04/16/2011 05:54 PM, Andreas Metzler wrote:
>
> > thank you for taking the time to test the packages in experimental. I
> > can reproduce the bug.
> >
> > For clarification it is not caused by libgcrypt11 from experimental,
> > libgnutls26 2.12.2-1 with stable libgcrypt11 also fails. Attached
> > verbose log is not a lot more enlightening.
>
> d3nwyuy0nl342s.cloudfront.net seems to support only one ciphersuite.
> That is ARCFOUR-128 with HMAC-MD5. I disabled HMAC-MD5 from the default
> set in 2.12.0 because it is not really trusted as an HMAC any more.
> If however this is widespread issue I'll reinstate HMAC-MD5 and
> remove it when a real attack is known.
I've seen the issue in quite a few prominent web sites, though the only
one I have off the top of my mind currently is github, so I think
restoring HMAC-MD5 is probably wise for the time being, for
compatibility, indeed.
Cheers,
--
Gustavo Noronha Silva <address@hidden>
Debian Project