Re: exim4 & libgnutls26: "A TLS packet with unexpected length was received."

[Adrian Zaugg <adi@ente.limmat.ch>]

On 29.03.17 16:36, Antoine Beaupré wrote:
> Is this a regression in GnuTLS? Or just an aggravating problem from the
> rising adoption of SHA-512?

I don't think the only problem with libgnutls26 is SHA-512. As it seems
the mentioned error can occur in many situations, some for example write
about "the random size padding of packets to prevent communications
compromise for stream ciphers" [1]. I personally believe it is not
related to the SHA-512 issue, since the error from Exim is slightly
different in that case:
"...(gnutls_handshake): A TLS packet with..." opposed to the one I see
mostly "...(recv):  A TLS packet with...".

To conclude: I don't know why that error occurs nor whether it came from
a regression or if it always has been there.

> I would tend towards fixing this only if it's the former, not the
> latter. This is, after all, why we want people to upgrade...

It is wise to upgrade in many situations and I completely agree that the
newer versions solve many problems. There are situations though, where
upgrading is difficult, is not yet feasible and for those situations LTS
is great.

Is backporting a newer version an option?

Regards, Adrian.


[1] comment #3 under
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1111882


-- 
               .~..
            _ //__
~~~~~~~~~~~~\°___/~~~~~~~

Adrian Zaugg
Zweierstrasse 56
CH-8004 Zürich

044 291 02 38
_________________________


(This eMail gets best displayed
 using a monospace font.)