Re: exim4 & libgnutls26: "A TLS packet with unexpected length was received."

On 29.03.17 16:36, Antoine Beaupré wrote:
> Is this a regression in GnuTLS? Or just an aggravating problem from the
> rising adoption of SHA-512?

I don't think the only problem with libgnutls26 is SHA-512. It seems
the mentioned error can occur in many situations; some, for example, write
about "the random size padding of packets to prevent communications
compromise for stream ciphers" [1]. I personally believe it is not
related to the SHA-512 issue, since the error from Exim is slightly
different in that case:
"...(gnutls_handshake): A TLS packet with..." as opposed to the one I mostly
see, "...(recv): A TLS packet with...".

To conclude: I don't know why that error occurs, nor whether it came from
a regression or has always been there.

> I would tend towards fixing this only if it's the former, not the
> latter. This is, after all, why we want people to upgrade...

It is wise to upgrade in many situations and I completely agree that the
newer versions solve many problems. There are situations, though, where
upgrading is difficult or is not yet feasible, and for those situations LTS
is great.

Is backporting a newer version an option?

Regards, Adrian.

[1] comment #3 under
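
Added example, not part of the message above: a small Python tally that separates the two error forms quoted in the message by the function named in parentheses, counted per peer. The sample log lines are constructed, and their layout outside the two quoted fragments is an assumption.

```python
import re
from collections import Counter

# Matches both forms quoted in the message:
#   "...(gnutls_handshake): A TLS packet with..." and "...(recv): A TLS packet with..."
PATTERN = re.compile(
    r"\((?P<phase>[A-Za-z_]+)\):\s+A TLS packet with unexpected length was received"
)
# Peer address in square brackets (assumed log layout).
PEER = re.compile(r"\[(?P<ip>[0-9A-Fa-f.:]+)\]")

# Constructed sample lines; only the parenthesised fragments come from the message.
SAMPLE_LOG = """\
2017-03-29 16:01:12 TLS error on connection from mx1.example.net [192.0.2.10] (gnutls_handshake): A TLS packet with unexpected length was received.
2017-03-29 16:02:40 TLS error on connection from mx2.example.org [198.51.100.7] (recv): A TLS packet with unexpected length was received.
2017-03-29 16:03:05 TLS error on connection from mx2.example.org [198.51.100.7] (recv):  A TLS packet with unexpected length was received.
2017-03-29 16:04:18 1ctABC-0001aB-2c <= user@example.com H=mx3.example.com [203.0.113.5] P=esmtps S=2048
2017-03-29 16:05:59 TLS error on connection from [203.0.113.5] (recv): A TLS packet with unexpected length was received.
"""

def classify(log_text):
    """Return (count per phase, count per (phase, peer)) for this error."""
    by_phase = Counter()
    by_peer = Counter()
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if not m:
            continue  # unrelated log line
        phase = m.group("phase")
        # The last bracketed address before the phase marker is taken as the peer.
        peers = PEER.findall(line[:m.start()])
        peer = peers[-1] if peers else "unknown"
        by_phase[phase] += 1
        by_peer[(phase, peer)] += 1
    return by_phase, by_peer

if __name__ == "__main__":
    phases, peers = classify(SAMPLE_LOG)
    for phase, n in phases.most_common():
        print(f"{phase}: {n}")
    for (phase, peer), n in sorted(peers.items()):
        print(f"  {phase:18} {peer:15} {n}")
```

A split that is mostly `recv` from a handful of peers points away from a handshake-time negotiation problem and towards something happening after the session is established.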

