GNU bug report logs - #10904
24.0.93; Infinite loop in GnuTLS code during Gnus nnimap-initiated SSL handshake

Previous Next

Full log

Message #41 received at 10904 <at> debbugs.gnu.org (full text, mbox):

From: Ted Zlatanov <tzz <at> lifelogs.com>
To: Thomas Fitzsimmons <fitzsim <at> fitzsim.org>
Cc: Lars Magne Ingebrigtsen <larsi <at> gnus.org>, 10904 <at> debbugs.gnu.org
Subject: Re: bug#10904: 24.0.93;
	Infinite loop in GnuTLS code during Gnus nnimap-initiated SSL
	handshake
Date: Tue, 10 Apr 2012 07:54:01 -0400

On Mon, 09 Apr 2012 23:07:34 -0400 Thomas Fitzsimmons <fitzsim <at> fitzsim.org> wrote: 

TF> I tried trunk against my IMAP server and the applied patch prevents the
TF> infinite loop.  At the default gnutls-log-level, a connection attempt
TF> fails with:

TF> Warning: Opening nnimap server on <imap_server_hostname>...failed: ; Unable to open server nnimap+<imap_server_hostname> due to: GnuTLS error: #<process *nnimap*>, -9
TF> gnutls.c: [0] (Emacs) fatal error: The specified session has been invalidated for some reason.

Wonderful.

TF> A nice improvement would be to detect when the server uses a ciphersuite
TF> that GnuTLS's default priority list ("NORMAL") rejects, warn the user,
TF> and ask if they want to retry with a more permissive list
TF> ("PERFORMANCE").  But that's a separate enhancement -- for now your
TF> patch fixes the infinite loop and setting gnutls-algorithm-priority to
TF> "performance" works around the server's weak ciphersuite.

I plan to follow Nikos' advice here:

http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6017

so we'll drop from NORMAL to PERFORMANCE, basically, if the user
approves.  After the 24.1 release I'll look at this.

Ted

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.