I believe we have identified that the problem in this bug is the MAC padding. We brought this up on the IETF TLS list:

http://thread.gmane.org/gmane.ietf.tls/3079

Pasi forwarded this to the Symbian TLS team, and my understanding is that it is a known bug with the Symbian TLS implementation. GnuTLS won't change the default to cater to broken implementations, at least not without more justification that it is a widespread problem. I think this bug can be resolved as 'wontfix'.

Further, GnuTLS 2.2+ provides a mechanism to work around bugs in implementations. You should be able to connect the Nokia E90 to gnutls-serv if you start it as:

    $ gnutls-serv --priority "NORMAL:%COMPAT"

Applications can use the following functions to implement similar behaviour:

    int gnutls_priority_init(gnutls_priority_t *, const char *priority, const char **err_pos);
    void gnutls_priority_deinit(gnutls_priority_t);
    int gnutls_priority_set(gnutls_session_t session, gnutls_priority_t);
    int gnutls_priority_set_direct(gnutls_session_t session, const char *priority, const char **err_pos);

I recommend that applications offer a way to set the GnuTLS priority string in a configuration file, and to default it to 'NORMAL'. It is extra good if the application allows users to set the GnuTLS priority on a per-IP basis, so that administrators don't have to decrease security to cater for a few broken devices.

Given this, I think gnutls has done what it can about this bug, and it might be appropriate to even close it, rather than leaving it in wontfix.

Is there anything more we can do about this bug? Suggestions are most welcome.

/Simon
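A sketch of the per-IP selection recommended in the message above, added here as an example; it is not code from the message or from GnuTLS. The rule format ("IPv4-CIDR priority"), the names parse_cidr and priority_for_peer, and the sample addresses are assumptions made for illustration, and only IPv4 is handled.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample rules ("IPv4-CIDR priority"); documentation addresses. */
static const char *const SAMPLE_RULES[] = {
    "192.0.2.17/32 NORMAL:%COMPAT", /* the one handset needing the workaround */
    "192.0.2.0/24 NORMAL",
    NULL
};

/* Parse "a.b.c.d[/len]" of n bytes; return the prefix length or -1. */
static int parse_cidr(const char *s, size_t n, uint32_t *net, uint32_t *mask)
{
    char buf[32], *slash;
    unsigned len = 32;
    struct in_addr a;

    if (n == 0 || n >= sizeof(buf)) return -1;
    memcpy(buf, s, n);
    buf[n] = '\0';
    if ((slash = strchr(buf, '/')) != NULL) {
        *slash = '\0';
        if (sscanf(slash + 1, "%u", &len) != 1 || len > 32) return -1;
    }
    if (inet_pton(AF_INET, buf, &a) != 1) return -1;
    *mask = len ? 0xFFFFFFFFu << (32 - len) : 0;
    *net = ntohl(a.s_addr) & *mask; /* host byte order */
    return (int)len;
}

/* Longest-prefix match. Unmatched peers, unparsable peers and malformed
 * rules all fall back to the strict default, never to the relaxed string. */
const char *priority_for_peer(const char *const *rules, const char *peer_ip)
{
    const char *best = "NORMAL";
    int best_len = -1, len;
    uint32_t net, mask;
    struct in_addr p;

    if (inet_pton(AF_INET, peer_ip, &p) != 1) return best;
    for (; *rules; rules++) {
        const char *sp = strchr(*rules, ' ');
        if (!sp || (len = parse_cidr(*rules, (size_t)(sp - *rules), &net, &mask)) < 0)
            continue;
        if ((ntohl(p.s_addr) & mask) == net && len > best_len) {
            best_len = len;
            best = sp + 1;
        }
    }
    return best; /* the caller hands this to gnutls_priority_set_direct() */
}

int main(void) { puts(priority_for_peer(SAMPLE_RULES, "192.0.2.17")); return 0; }
```

The returned pointer refers into the rule string, so the rule table must outlive the call that applies the priority to the session.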

