Re: exim4 & libgnutls26: "A TLS packet with unexpected length was received."
On 29.03.17 16:36, Antoine Beaupré wrote:
> Is this a regression in GnuTLS? Or just an aggravating problem from the
> rising adoption of SHA-512?
I don't think the only problem with libgnutls26 is SHA-512. As it seems
the mentioned error can occur in many situations, some for example write
about "the random size padding of packets to prevent communications
compromise for stream ciphers" . I personally believe it is not
related to the SHA-512 issue, since the error from Exim is slightly
different in that case:
"...(gnutls_handshake): A TLS packet with..." opposed to the one I see
mostly "...(recv): A TLS packet with...".
To conclude: I don't know why that error occurs nor whether it came from
a regression or if it always has been there.
> I would tend towards fixing this only if it's the former, not the
> latter. This is, after all, why we want people to upgrade...
It is wise to upgrade in many situations and I completely agree that the
newer versions solve many problems. There are situations though, where
upgrading is difficult, is not yet feasible and for those situations LTS
Is backporting a newer version an option?
 comment #3 under
044 291 02 38
(This eMail gets best displayed
using a monospace font.)