On Mon, 2019-05-13 at 07:59 -0700, James Bottomley wrote:
> As for how to apply the fix (assuming we can find it), this is a hard
> one. Clearly the bug was always present, but the conditions that
> trip it remained untested until people started turning on TLSv1.3.
> I think the best way forward is to open bugs with the distros and see
> what they want to do: Either find and fix the bug or update to 2.55.2.

Hi,

I see. That would work until a new version of the TLS is released and
implemented and advertised by the servers with clients which probably
know about it (due to new enough gnutls being installed, right?), but
its usage in glib-networking failing for whatever reason.

> Just to clarify, the server isn't requiring a particular version,
> it's offering a set of options and we're choosing TLSv1.3 which we
> then can't negotiate successfully, so the bug is client side but
> triggered both by the client going to a gnutls (or probably openssl
> but I can't test that) version that makes 1.3 possible and the server
> offering it as an option.

Oh, you are right, I'm sorry for misinterpreting it.

Maybe glib-networking can be changed to try a lower version(s)
(when allowed to), when the best it thinks it can use fails with this
error (meaning if the server advertises TLS versions 1.2 and 1.3, the
client can try with 1.3 and if it fails, then retry with 1.2). I'd
expect such a naive "solution" would work on the gnutls level
transparently though. I do not know gnutls, nor glib-networking, thus
this is really just a very naive idea.

Consider filing a bug against glib-networking [1] and asking them whether
they can do anything about it. You have a clear view of what is going on in
the background, thus you'd be able to explain the problem to them. Feel
free to use the test program to your liking.

By the way, the openssl implementation for glib-networking is very new,
released as part of the 2.60.0, on March 11 [2].

Bye,
Milan

[1] https://gitlab.gnome.org/GNOME/glib-networking/issues/new
[2] https://gitlab.gnome.org/GNOME/glib-networking/blob/2.60.0/NEWS#L1