** No longer affects: gnutls26 (Ubuntu)
** Tags removed: ssl tls
** Tags added: patch trusty
** Bug watch removed: Debian Bug tracker #767610
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767610
--
You received this bug notification because you are a member of Ubuntu
Touch seeded
Hi Seth,
I've attached a debdiff which is generated off the latest gnutls26
package: 2.12.23-12ubuntu2.7. That said, no changes to my earlier patch
were required to apply cleanly. Hopefully this is what you're after?
I should also add that this patch should ideally be reviewed by someone
Hello Samuel, thanks for doing this investigation. This feels like a
reasonable change to address through a Stable Release Update; the
process is a bit involved, but largely so we're sure we don't break
existing users in the process.
Are you in a position where you can prepare a debdiff? There's
We encountered this bug today and it has the potential to be pretty
nasty if you're unfortunate enough to hit it. In our case we have
several systems which perform authentication against a Windows domain
using LDAPS. We recently updated the TLS certificate on those systems
and all the services
It looks like the servers listed in the bug description require SIGN-
RSA-SHA384, which gnutls26 doesn't support.
The issue can be reproduced with gnutls28 by disabling the additional
signature algorithms:
gnutls-cli --priority "NORMAL:-SIGN-ECDSA-SHA256:-SIGN-RSA-SHA384:-SIGN-
FWIW, our ldapserver uses the following, which gnutls26 does not support
but gnutls30 in wily does:
- Status: The certificate is trusted.
- Successfully sent 0 certificate(s) to server.
- Description: (TLS1.2)-(ECDHE-RSA-SECP256R1)-(AES-256-CBC)-(SHA384)
- Session ID:
Update to libgnutls26-2.12.23-12ubuntu2.5 broke ldapsearch and Apache
Directory Studio for me in particular. Whatever the previous version
was worked fine. Now, when trying to connect via TLS or SSL to our ldap
server, I get the following with gnutls-cli:
# gnutls-cli --print-cert -p 636
This bug breaks MetaTrader 4 installation process under wine
(https://download.mql5.com/cdn/web/metaquotes.software.corp/mt4/mt4setup.exe).
This sounds like some regression, as older TLS authentication worked fine.
--
You received this bug notification because you are a member of Ubuntu
Touch
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: gnutls26 (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnutls26 in Ubuntu.
This seems like a bug that should be fixed in the LTS rather than
requesting a backport. The 3.2.11 version is available in trusty, but
it's only community supported and doesn't have the utilities built since
it's not the officially supported version. The version with 5 year
support from
This would be IDEAL if it were fixed in the LTS.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to gnutls26 in Ubuntu.
https://bugs.launchpad.net/bugs/1444656
Title:
GnuTLS TLS 1.2 handshake failure
Status in gnutls26
11 matches
Mail list logo
