Re: Bug#803204: libiksemel: utterly insecure GNUTLS settings


On 2015-11-12 11:04, Simon Josefsson wrote:
> I would suggest using gnutls_set_default_priority() instead of
> hard-coding a priority string into applications.  Your hard coded
> priority string will be just as obsolete as the hard coded values you
> are replacing in a couple of years.

You're right, this is a better way to set up priorities. Please see my patch as an urgent fix only. I asked the maintainer to review it as he should have more experience than me. Besides, when I made this patch I had the user setup in mind: the library could (and should) easily accept a string from the caller software in order to allow different restrictions if the user so wishes (and fall back to your suggestion if not provided).

I also think upstream should be contacted; I'm not sure it was done. I can't see a stable upload coming either.


Marc Dequènes

