On Tuesday, December 20, 2016 12:38:18 PM CET Nikos Mavrogiannopoulos wrote:
> On Tue, 2016-12-20 at 09:26 +0100, Tim Ruehsen wrote:
> > On Monday, December 19, 2016 4:09:08 PM CET Nikos Mavrogiannopoulos wrote:
> > > Hi,
> > > While debugging some issue in Fedora [0] I've realized that wget calls
> > > the gnutls priority functions multiple times, and that confuses gnutls
> > > on certain cases. In src/gnutls.c wget calls
> > > gnutls_set_default_priority (session) which sets the default cipher
> > > priorities according to the system policy. However, at the following
> > > lines it overwrites that policy in the switch (opt.secure_protocol).
> > >
> > > In particular, when no options are given it enters:
> > > ```
> > > case secure_protocol_auto:
> > >   err = gnutls_priority_set_direct (session,
> > >                                     "NORMAL:%COMPAT:-VERS-SSL3.0", NULL);
> > > ```
> > >
> > > That means that the default policy set above is overwritten. A possible
> > > fix is attached. That ensures that the priorities are set only once and
> > > that the default priorities are used when no options are specified (the
> > > latter is important for Fedora which ensures that
> > > gnutls_set_default_priority() sets a priority string according to the
> > > system-wide policies).
> > >
> > > The use of keyword %COMPAT is replaced by calling
> > > gnutls_session_enable_compatibility_mode().
> >
> > Thanks, Nikos.
> >
> > I like the idea of having a system wide TLS/security policy.
> >
> > But what happens when wget is built with an older version of GnuTLS that
> > doesn't disable SSL3.0 by default? Before your change, these people were
> > 'safe' from using SSL, with your change applied we introduce
> > insecurity by default.
>
> Note that disabling SSL3.0 wouldn't matter much for wget. That is, you
> do not do insecure fallbacks as browsers used to do, thus you would
> only negotiate SSL 3.0 if you share no other common protocol with the
> server (any attempt to influence that negotiation by an adversary will
> be caught during the TLS handshake).
Thanks for the patch and for restoring my memory. I just pushed your commit.

Also, IMO people should *first* update their TLS backend and then look at the application code.

Regards, Tim
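The two control flows the thread contrasts, as an added example that is not wget's code or Nikos's patch: `configure_old` models the flow being reported (system default applied, then immediately overwritten by `gnutls_priority_set_direct` in the `auto` case), and `configure_fixed` models the intended one (exactly one priority call per session, the system-wide default when no option is given, and `gnutls_session_enable_compatibility_mode()` in place of the `%COMPAT` keyword). The `enum secure_protocol` values, the `PROTO_TLSV1` priority string, the `priority_log` bookkeeping and all function names are assumptions made for this example. Built with `-DUSE_REAL_GNUTLS` and `-lgnutls` it drives real GnuTLS sessions; otherwise it compiles against minimal stand-ins for the three calls so the selection logic can be checked on its own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifdef USE_REAL_GNUTLS
#include <gnutls/gnutls.h>   /* cc -DUSE_REAL_GNUTLS example.c -lgnutls */
typedef gnutls_session_t tls_session;
#else
/* Stand-ins (constructed for this example) with the shapes of the three
 * GnuTLS calls discussed in the thread; they do nothing but let the
 * policy-selection logic below compile without libgnutls. */
typedef struct fake_session { int unused; } *tls_session;
static int gnutls_set_default_priority(tls_session s) { (void)s; return 0; }
static int gnutls_priority_set_direct(tls_session s, const char *p, const char **e)
{ (void)s; (void)p; (void)e; return 0; }
static void gnutls_session_enable_compatibility_mode(tls_session s) { (void)s; }
#endif

/* Hypothetical subset of wget's opt.secure_protocol values. */
enum secure_protocol { PROTO_AUTO, PROTO_TLSV1 };

/* Records which priority calls a configuration path made. */
struct priority_log { int defaults; int directs; int compat; const char *last_prio; };

static tls_session new_session(void)
{
#ifdef USE_REAL_GNUTLS
    tls_session s = NULL;
    return gnutls_init(&s, GNUTLS_CLIENT) < 0 ? NULL : s;
#else
    static struct fake_session fake;   /* one stand-in session suffices here */
    return &fake;
#endif
}

static void free_session(tls_session s)
{
#ifdef USE_REAL_GNUTLS
    gnutls_deinit(s);
#else
    (void)s;
#endif
}

/* Explicit priority string for a non-auto option (example value, not
 * wget's); NULL means "no option given, defer to the system-wide default". */
static const char *explicit_priority(enum secure_protocol p)
{
    return p == PROTO_TLSV1 ? "NORMAL:-VERS-SSL3.0" : NULL;
}

/* The flow the thread objects to: the default policy is applied and then
 * overwritten by the switch, even for the auto case. */
static int configure_old(tls_session s, enum secure_protocol p, struct priority_log *log)
{
    const char *prio;
    int err = gnutls_set_default_priority(s);
    log->defaults++;
    if (err != 0)
        return err;
    prio = (p == PROTO_AUTO) ? "NORMAL:%COMPAT:-VERS-SSL3.0" : explicit_priority(p);
    err = gnutls_priority_set_direct(s, prio, NULL);
    log->directs++;
    log->last_prio = prio;
    return err;
}

/* The intended flow: exactly one priority call, the system default when no
 * option was given, and compatibility mode requested via the API call. */
static int configure_fixed(tls_session s, enum secure_protocol p, struct priority_log *log)
{
    const char *prio = explicit_priority(p);
    int err;
    if (prio == NULL) {
        err = gnutls_set_default_priority(s);
        log->defaults++;
    } else {
        err = gnutls_priority_set_direct(s, prio, NULL);
        log->directs++;
        log->last_prio = prio;
    }
    if (err == 0) {
        gnutls_session_enable_compatibility_mode(s);
        log->compat++;
    }
    return err;
}

/* Runs one path on a fresh session; returns the number of priority-setting
 * calls it made (the thread's point: this should be 1), or -1 on failure. */
int priority_calls_made(int use_fixed, enum secure_protocol p, struct priority_log *out)
{
    struct priority_log log = {0, 0, 0, NULL};
    tls_session s = new_session();
    if (s == NULL)
        return -1;
    if (use_fixed) configure_fixed(s, p, &log); else configure_old(s, p, &log);
    free_session(s);
    if (out)
        *out = log;
    return log.defaults + log.directs;
}

int main(void)
{
    struct priority_log lg;
    printf("old, auto:   %d priority calls\n", priority_calls_made(0, PROTO_AUTO, &lg));
    printf("fixed, auto: %d priority calls (default=%d, compat=%d)\n",
           priority_calls_made(1, PROTO_AUTO, &lg), lg.defaults, lg.compat);
    return 0;
}
```

With no option given, the old path makes two calls and the second (with `%COMPAT`) wins, discarding whatever `gnutls_set_default_priority()` loaded from the system policy; the fixed path makes one call and keeps the system default.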