Re: gnutls 2.9.10 breaks exim4 TLS (Denying unsafe (re)negotiation.)
From: Andreas Metzler
Date: Sat, 8 May 2010 10:46:29 +0200
User-agent: Mutt/1.5.18 (2008-05-17)
On 2010-05-08 Nikos Mavrogiannopoulos <address@hidden> wrote:
[...]
> How easy would it be for exim to use gnutls_priority_* functions? The
> others have been deprecated for quite a time. Moreover it would be
> easier for exim to setup a configuration string for the
> priority_set_direct function.
[...]
Hello,
Doable, but not without pain. Exim exposes the gnutls_priority_*
functions to the user (see options tls_require_ciphers et al in
http://docs.exim.org/current/spec_html/ch39.html#SECTreqciphgnu)
switching would cause a configuration file syntax change. - It could
either ignore the old settings while still warning about them or
throw an error (invalid setting).
FWIW I think my guess was correct, after making the following change to
exim the session succeeds.
-----------------------------------
--- exim4-4.71.orig/src/tls-gnu.c
+++ exim4-4.71/src/tls-gnu.c
@@ -780,11 +780,15 @@ if ((expciphers != NULL &&
/* Define the various priorities */
-gnutls_cipher_set_priority(session, cipher_priority);
+/* gnutls_cipher_set_priority(session, cipher_priority);
gnutls_compression_set_priority(session, comp_priority);
gnutls_kx_set_priority(session, kx_priority);
gnutls_protocol_set_priority(session, proto_priority);
-gnutls_mac_set_priority(session, mac_priority);
+gnutls_mac_set_priority(session, mac_priority); */
+
+fprintf (stderr, "amdebug 1 different priority stuff\n");
+gnutls_priority_set_direct (session, "NORMAL", NULL);
+fprintf (stderr, "amdebug 1 done\n");
gnutls_cred_set(session, GNUTLS_CRD_CERTIFICATE, x509_cred);
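Review bot: the added call gnutls_priority_set_direct (session, "NORMAL", NULL) discards its return value and hard-codes the priority string, so a failure to apply the priorities goes unnoticed, and the cipher_priority, comp_priority, kx_priority, proto_priority and mac_priority arrays passed to the now commented-out calls no longer influence the session. For anything beyond this diagnostic test, check the result against GNUTLS_E_SUCCESS and abort session setup on error, pass a non-NULL err_pos so a rejected string can be reported, and build the string from the administrator's settings rather than a literal. The two fprintf (stderr, "amdebug ...") lines and the commented-out block should be removed rather than carried along.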
-----------------------------------
cu andreas