On 29.03.17 16:36, Antoine Beaupré wrote:
> Is this a regression in GnuTLS? Or just an aggravating problem from the
> rising adoption of SHA-512?

I don't think the only problem with libgnutls26 is SHA-512. As it seems the mentioned error can occur in many situations, some for example write about "the random size padding of packets to prevent communications compromise for stream ciphers" [1]. I personally believe it is not related to the SHA-512 issue, since the error from Exim is slightly different in that case: "...(gnutls_handshake): A TLS packet with..." as opposed to the one I see mostly "...(recv): A TLS packet with...".

To conclude: I don't know why that error occurs nor whether it came from a regression or if it always has been there.

> I would tend towards fixing this only if it's the former, not the
> latter. This is, after all, why we want people to upgrade...

It is wise to upgrade in many situations and I completely agree that the newer versions solve many problems. There are situations though, where upgrading is difficult or is not yet feasible, and for those situations LTS is great.

Is backporting a newer version an option?

Regards, Adrian.

[1] comment #3 under https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1111882

-- 
Adrian Zaugg
Zweierstrasse 56
CH-8004 Zürich
044 291 02 38
