Debian Bug report logs - #402861
errors establishing TLS session from Nokia and SE mobile phones

Package: libgnutls13; Maintainer for libgnutls13 is (unknown);

Reported by: mh+debian-packages@zugschlus.de

Date: Mon, 2 Oct 2006 17:48:26 UTC

Severity: normal

Tags: help, wontfix



Report forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#390712; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Stian Jordet <stian@jordet.net>:
New Bug report received and forwarded. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Stian Jordet <stian@jordet.net>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: exim4-daemon-heavy: A TLS fatal alert has been received.: Bad record MAC
Date: Mon, 02 Oct 2006 19:39:09 +0200
Package: exim4-daemon-heavy
Version: 4.63-4
Severity: normal


Another one of those beloved tls-bugs. I recently got myself a
SonyEricsson P990 smart phone. When trying to send mail with tls (the
same happens using ssl on port 465), the phone asks me to accept the
certificate, and then says "Secure session failed". I get this in my
Exim log:

2006-10-02 18:49:23 SMTP connection from [192.168.1.8]:59691 I=[193.91.240.190]:25 (TCP/IP connection count = 1)
2006-10-02 18:49:23 no host name found for IP address 192.168.1.8
2006-10-02 18:49:27 TLS recv error on connection from [192.168.1.8]:59691: A TLS fatal alert has been received.: Bad record MAC
18:49:27 TLS send error on connection from [192.168.1.8]:59691: The specified session has been invalidated for some reason.

TLS works fine with Thunderbird and Evolution, and did work fine with
my previous smart phone (SE P910), so this may sound like a phone bug.
_But_ when I try to send with tls through a sendmail server, it works
fine. I suspect that this is due to the fact that sendmail uses
openssl, and exim gnutls, but I have no evidence of that.

The error message isn't very helpful either ("for some reason").

Any insight?

Best regards,
Stian

-- Package-specific info:
Exim version 4.63 #1 built 01-Oct-2006 14:42:48
Copyright (c) University of Cambridge 2006
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September  6, 2005)
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/exim4/exim4.conf

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18
Locale: LANG=no_NO, LC_CTYPE=no_NO (charmap=ISO-8859-1)

Versions of packages exim4-daemon-heavy depends on:
ii  exim4-base              4.63-4           support files for all exim MTA (v4
ii  libc6                   2.3.6.ds1-4      GNU C Library: Shared libraries
ii  libdb4.3                4.3.29-6         Berkeley v4.3 Database Libraries [
ii  libgnutls13             1.4.4-1          the GNU TLS library - runtime libr
ii  libldap2                2.1.30-13+b1     OpenLDAP libraries
ii  libmysqlclient15off     5.0.24a-5        mysql database client library
ii  libpam0g                0.79-3.2         Pluggable Authentication Modules l
ii  libpcre3                6.7-1            Perl 5 Compatible Regular Expressi
ii  libperl5.8              5.8.8-6.1        Shared Perl library
ii  libpq4                  8.1.4-7          PostgreSQL C client library
ii  libsasl2                2.1.19.dfsg1-0.5 Authentication abstraction library

exim4-daemon-heavy recommends no packages.

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#390712; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #10 received at 390712@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Stian Jordet <stian@jordet.net>, 390712@bugs.debian.org, 390712-submitter@bugs.debian.org
Cc: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Re: Bug#390712: exim4-daemon-heavy: A TLS fatal alert has been received.: Bad record MAC
Date: Tue, 3 Oct 2006 23:56:17 +0200
tags #390712 help
user exim4@packages.debian.org
usertags #390712 gnutls
thanks

On Mon, Oct 02, 2006 at 07:39:09PM +0200, Stian Jordet wrote:
> Any insight?

unfortunately, no. We're still in dire need of help with GnuTLS.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Tags added: help Request was from Marc Haber <mh+debian-packages@zugschlus.de> to control@bugs.debian.org. Full text and rfc822 format available.

Message sent on to Stian Jordet <stian@jordet.net>:
Bug#390712. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#390712; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Fargas <telenieko@telenieko.com>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #20 received at 390712@bugs.debian.org (full text, mbox):

From: Marc Fargas <telenieko@telenieko.com>
To: Debian Bug Tracking System <390712@bugs.debian.org>
Subject: exim4-daemon-heavy: Same with Nokia E60
Date: Fri, 03 Nov 2006 20:24:16 +0100
Package: exim4-daemon-heavy
Version: 4.63-8
Followup-For: Bug #390712

Hi, same happens with Nokia E60 phone. All other SSL/TLS (imaps, https) services work
fine when accessed from the phone, only exim fails when trying to send messages.


-- Package-specific info:
Exim version 4.63 #1 built 23-Oct-2006 19:09:47
Copyright (c) University of Cambridge 2006
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September  6, 2005)
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-1-686
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)

Versions of packages exim4-daemon-heavy depends on:
ii  debconf [debconf-2.0]   1.5.2            Debian configuration management sy
ii  exim4-base              4.63-8           support files for all exim MTA (v4
ii  libc6                   2.3.6-15         GNU C Library: Shared libraries
ii  libdb4.3                4.3.29-4.1       Berkeley v4.3 Database Libraries [
ii  libgnutls13             1.4.4-2          the GNU TLS library - runtime libr
ii  libldap2                2.1.30-13+b1     OpenLDAP libraries
ii  libmysqlclient15off     5.0.24a-9        mysql database client library
ii  libpam0g                0.79-3.1         Pluggable Authentication Modules l
ii  libpcre3                6.4-2            Perl 5 Compatible Regular Expressi
ii  libperl5.8              5.8.8-4          Shared Perl library
ii  libpq4                  8.1.4-2          PostgreSQL C client library
ii  libsasl2                2.1.19.dfsg1-0.2 Authentication abstraction library

exim4-daemon-heavy recommends no packages.

-- debconf information:
  exim4-daemon-heavy/drec:



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#390712; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+pkg-gnutls-maint@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #25 received at 390712@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+pkg-gnutls-maint@zugschlus.de>
To: pkg-gnutls-maint@lists.alioth.debian.org
Subject: Help with exim4 #390712, interaction with mobile phones
Date: Tue, 5 Dec 2006 16:16:22 +0100
Hi,

I have an issue with exim4 that can, IMO, clearly be traced to GnuTLS.
Please refer to #390712 for more information.

The original reporter, Stian Jordet <stian@jordet.net>, has a
SonyEricsson P990, and Marc Fargas <telenieko@telenieko.com> reports
the same issue with a Nokia E60 (Software Version 2.0618.06.05
(RM-49)).

I did some testing with Marc, and his phone was perfectly able to do
STARTTLS with an exim compiled against OpenSSL. Both exims were built
on the same Debian unstable system by myself, so I am reasonably sure
that we have a GnuTLS issue here.

Marc is willing to debug with him, and I can also put you in contact
with a close friend of mine who is plagued with the same issue with
his new mobile phone against his exim installation.

If there is anything that I can do to help, please get in touch with
me, and by all means keep me posted.

I am subscribed to pkg-gnutls-maint.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#390712; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Hanno 'Rince' Wagner <wagner@rince.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #30 received at 390712@bugs.debian.org (full text, mbox):

From: Hanno 'Rince' Wagner <wagner@rince.de>
To: 390712@bugs.debian.org
Subject: Same problem, nearly same hardware
Date: Tue, 5 Dec 2006 17:18:25 +0100
Hi,

I also have a Sony-Ericsson P990i (Germany, non-branded by a phone
provider)

My software versions on the mobile phone are:

PDA Software Version:
CXC162036 R3A04
Phone-Software-Version:
CXC152037 R5A006
Bluetooth Software Version:
CXC162058 R4F01
CDA-Version:
CDA162007/3 R3A03

I have the same problem with Exim - I try to do an smtp auth via
TLS, I get the certificate on the phone and accept to use it, but
then it just doesn't work. On the Exim-Side I only see the following:

2006-12-04 15:01:22 no host name found for IP address 82.113.121.1
2006-12-04 15:01:51 TLS recv error on connection from [82.113.121.1]: A TLS fatal alert has been received.: Bad record MAC
2006-12-04 15:01:51 TLS send error on connection from [82.113.121.1]: The specified session has been invalidated for some reason.

2006-12-04 15:02:44 no host name found for IP address 82.113.106.1
2006-12-04 15:02:51 TLS recv error on connection from [82.113.106.1]: A TLS fatal alert has been received.: Bad record MAC
2006-12-04 15:02:51 TLS send error on connection from [82.113.106.1]: The specified session has been invalidated for some reason.

2006-12-04 16:20:03 no host name found for IP address 82.113.106.1
2006-12-04 16:20:15 TLS recv error on connection from [82.113.106.1]: A TLS fatal alert has been received.: Bad record MAC
2006-12-04 16:20:15 TLS send error on connection from [82.113.106.1]: The specified session has been invalidated for some reason.

Without TLS it works:

2006-12-04 16:23:09 no host name found for IP address 82.113.106.1
2006-12-04 16:23:20 1GrFf4-00085h-Cv <= user@invalid H=([10.68.232.75]) [82.113.106.1] P=esmtpa A=login_server:user@invalid S=563 id=XSbjPMP4Wh8j.hG8LVVBK@invalid

(mail addresses taken out)

Ciao, Hanno
-- 
|  Hanno Wagner  | Member of the HTML Writers Guild  | Rince@IRC      |
| Commercial use of my email addresses is not permitted!              |
| 74 a3 53 cc 0b 19 - we did it!          |    Generation @           |
#"They have a strategic air force, nuclear-powered submarines and Arnold
# Schwarzenegger. And us? All we have is this."
# 	-- "Martians"

Information forwarded to debian-bugs-dist@lists.debian.org, Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>:
Bug#390712; Package exim4-daemon-heavy. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Exim4 Maintainers <pkg-exim4-maintainers@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #35 received at 390712@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Hanno 'Rince' Wagner <wagner@rince.de>, 390712@bugs.debian.org, 390712-submitter@bugs.debian.org
Cc: Marc Haber <mh+debian-packages@zugschlus.de>
Subject: Cloning to libgnutls13
Date: Wed, 13 Dec 2006 08:22:50 +0100
clone #390712 -1
reassign -1 libgnutls13
retitle -1 errors establishing TLS session from Nokia and SE mobile phones
submitter -1 mh+debian-packages@zugschlus.de
block #390712 with -1
thanks

According to the discussion in
http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/2006-December/000349.html
and previous articles, it has been established that this is a gnutls
issue. I am therefore cloning the bug to libgnutls13.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835



Bug 390712 cloned as bug 402861. Request was from Marc Haber <mh+debian-packages@zugschlus.de> to control@bugs.debian.org. Full text and rfc822 format available.

Bug reassigned from package `exim4-daemon-heavy' to `libgnutls13'. Request was from Marc Haber <mh+debian-packages@zugschlus.de> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug title. Request was from Marc Haber <mh+debian-packages@zugschlus.de> to control@bugs.debian.org. Full text and rfc822 format available.

Changed Bug submitter from Stian Jordet <stian@jordet.net> to mh+debian-packages@zugschlus.de. Request was from Marc Haber <mh+debian-packages@zugschlus.de> to control@bugs.debian.org. Full text and rfc822 format available.

Blocking bugs of 390712 added: 402861 Request was from Marc Haber <mh+debian-packages@zugschlus.de> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#402861; Package libgnutls13. Full text and rfc822 format available.

Acknowledgement sent to Nikos Mavrogiannopoulos <nmav@gnutls.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #50 received at 402861@bugs.debian.org (full text, mbox):

From: Nikos Mavrogiannopoulos <nmav@gnutls.org>
To: 402861@bugs.debian.org
Cc: 390712@bugs.debian.org
Subject: Re: gnutls
Date: Wed, 24 Oct 2007 11:34:40 +0300
On Monday 22 October 2007, Nikos Mavrogiannopoulos wrote:
> On Sun, Aug 19, 2007 at 08:38:42AM +0200, Andreas Metzler wrote:
> > > Something that might help in debugging without much fuss, would be
> > > to test handshake by enabling other ciphersuites.
> > > That would be for gnutls-serv to only enable:
> > > a. key exchange: DHE-RSA  cipher: 3DES
> > > b. key exchange: DHE-RSA cipher: AES_256_CBC
> > > c. key exchange: RSA cipher ARCFOUR
> > > and return the traces if possible.
> > I have done these three tests (and a fourth against a gnutls-serv with
> > no restrictions for kx and cipher), and have attached the traces.
> > Version of gnutls-bin and libgnutls13 is 1.7.19-1.
> I have no clue what this could be. I only possess a Sony-Ericsson W810 which
> connects to my test gnutls server just fine, so I cannot reproduce or test
> it. If you could find a combination of ciphers, protocols, macs that work
> with these phones, I'd like to see the trace as well. However since I'm
> unable to reproduce I don't expect much.

Ok it seems that with the help of Hanno Wagner I managed to debug this issue.
These clients fail to understand TLS 1.0 record packets with a padding added. 
This only occurs when using non stream ciphers (i.e. not arcfour) and does 
not occur when using SSL 3.0 which does not allow such padding. So one point 
is for users of these devices to report that as bug.

However a fix in gnutls is not easy to do. If we disable the random padding in 
TLS 1.0 we do disable a nice feature of TLS that protects against statistical 
attacks. Thus I'd be against such a fix.

A solution for the clients would be to only allow SSL 3.0 (if they can 
configure it).

What I can do within gnutls is to add a function to disable this protection 
and servers that require maximum compatibility could use it.

(thus gnutls 2.2 will introduce gnutls_session_enable_compatibility_mode() to 
counter client bugs)

regards,
Nikos
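
[Added example, not part of the original message and not GnuTLS or Symbian code.] The padding difference described above, in code: TLS 1.0 lets a sender pad a CBC record with up to 255 bytes, while SSL 3.0 requires the padding to be shorter than one cipher block, so a receiver that enforces the SSL 3.0 limit on a TLS 1.0 record rejects it. All function names are made up for this example, and the strict receiver is an assumed model of the failure, since the thread does not show the phones' code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Which record-padding rules the receiver applies. */
enum pad_rules { PAD_SSL30, PAD_TLS10 };

/* Sender side: append CBC padding after content_len bytes (data + MAC)
 * already in buf. extra_blocks = 0 gives minimal padding; larger values add
 * whole extra blocks, which TLS 1.0 permits up to 255 padding bytes.
 * Returns the padded length, or 0 if it cannot be encoded or does not fit. */
size_t pad_fragment(uint8_t *buf, size_t cap, size_t content_len,
                    size_t block, unsigned extra_blocks)
{
    size_t pad = (block - (content_len + 1) % block) % block;

    pad += (size_t)extra_blocks * block;
    if (pad > 255 || content_len + pad + 1 > cap)
        return 0;
    /* The pad bytes and the trailing padding_length byte all hold 'pad'. */
    memset(buf + content_len, (int)pad, pad + 1);
    return content_len + pad + 1;
}

/* Receiver side: return the content length with padding removed, or -1 if
 * the padding is rejected under the given rules.
 * Illustration only: these checks are not constant-time. */
long strip_padding(const uint8_t *buf, size_t len, size_t block,
                   enum pad_rules rules)
{
    size_t pad;

    if (len == 0 || len % block != 0)
        return -1;
    pad = buf[len - 1];
    if (pad + 1 > len)
        return -1;
    if (rules == PAD_SSL30) {
        /* SSL 3.0: padding must be shorter than one cipher block. */
        if (pad >= block)
            return -1;
    } else {
        /* TLS 1.0: any length up to 255; every pad byte equals 'pad'. */
        for (size_t i = len - 1 - pad; i < len - 1; i++)
            if (buf[i] != pad)
                return -1;
    }
    return (long)(len - pad - 1);
}

/* Pad a constructed fragment and parse it back under the given rules. */
long roundtrip(size_t content_len, size_t block, unsigned extra_blocks,
               enum pad_rules rules)
{
    uint8_t buf[512];
    size_t n;

    if (content_len > sizeof buf)
        return -1;
    memset(buf, 0xAB, content_len);   /* constructed stand-in for data + MAC */
    n = pad_fragment(buf, sizeof buf, content_len, block, extra_blocks);
    if (n == 0)
        return -1;
    return strip_padding(buf, n, block, rules);
}

int main(void)
{
    /* 37 bytes = 17 bytes of data + 20-byte MAC (constructed sizes). */
    static const size_t blocks[] = { 8, 16 };   /* 3DES, AES */

    for (size_t b = 0; b < 2; b++)
        for (unsigned extra = 0; extra <= 3; extra += 3)
            printf("block=%2zu extra_blocks=%u  TLS1.0 rules: %ld  SSL3.0 rules: %ld\n",
                   blocks[b], extra,
                   roundtrip(37, blocks[b], extra, PAD_TLS10),
                   roundtrip(37, blocks[b], extra, PAD_SSL30));
    return 0;
}
```

A result of -1 means the receiver rejects the record; a stream cipher such as ARCFOUR never reaches this code path because its records carry no padding.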




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#402861; Package libgnutls13. Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #55 received at 402861@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Stian Jordet <stian@jordet.net>, Marc Fargas <telenieko@telenieko.com>, "Hanno 'Rince' Wagner" <wagner@rince.de>
Cc: 402861@bugs.debian.org, 390712@bugs.debian.org
Subject: Nokia/Ericsson MAC padding problem
Date: Mon, 04 Feb 2008 12:09:17 +0100
I believe we have identified that the problem in this bug is the MAC
padding.  We brought this up on the IETF TLS list:

http://thread.gmane.org/gmane.ietf.tls/3079

Pasi forwarded this to the Symbian TLS team, and my understanding is
that it is a known bug with the Symbian TLS implementation.

GnuTLS won't change the default to cater with broken implementations, at
least not without more justification that it is a widespread problem.  I
think this bug can be resolved as 'wontfix'.

Further, GnuTLS 2.2+ provides a mechanism to work around bugs in
implementations.  You should be able to connect the Nokia E90 to
gnutls-serv if you start it as:

$ gnutls-serv --priority "NORMAL:%COMPAT"

Applications can use the following functions to implement similar
behaviour:

  int gnutls_priority_init( gnutls_priority_t*, const char *priority, const char** err_pos);
  void gnutls_priority_deinit( gnutls_priority_t);
  
  int gnutls_priority_set(gnutls_session_t session, gnutls_priority_t);
  int gnutls_priority_set_direct(gnutls_session_t session, const char *priority, const char** err_pos);

I recommend that applications offer a way to set the GnuTLS priority
string in a configuration file, and to default it to 'NORMAL'.  It is
extra good if the application allows users to set the GnuTLS priority on
a per-IP basis, so that administrators don't have to decrease security
to cater for a few broken devices.

Given this, I think gnutls has done what it can about this bug, and it
might be appropriate to even close it, rather than leaving it in
wontfix.

Is there anything more we can do about this bug?  Suggestions are most
welcome.

/Simon
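
[Added example, not part of the original message and not Exim or GnuTLS project code.] One way an application could pick the priority string per client IP as recommended above, defaulting to 'NORMAL' and using 'NORMAL:%COMPAT' only for listed networks. The rule table, the function names and the USE_GNUTLS build switch are assumptions made for this example; the networks are constructed documentation ranges, and only IPv4 is handled.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_PRIORITY "NORMAL"

struct prio_rule {
    const char *cidr;      /* IPv4 network, e.g. "198.51.100.0/24" */
    const char *priority;  /* GnuTLS priority string for that network */
};

/* Constructed sample policy: documentation ranges standing in for the
 * networks of a mobile provider whose handsets need the workaround. */
static const struct prio_rule sample_rules[] = {
    { "198.51.100.0/24", "NORMAL:%COMPAT" },
    { "203.0.113.64/26", "NORMAL:%COMPAT" },
};

/* What a 0.0.0.0/0 rule amounts to: the relaxed setting for everyone. */
static const struct prio_rule catch_all[] = {
    { "0.0.0.0/0", "NORMAL:%COMPAT" },
};

/* Return 1 if addr (host byte order) lies inside cidr; malformed rules
 * never match, so a typo cannot silently relax the policy. */
static int cidr_contains(const char *cidr, uint32_t addr)
{
    char net[INET_ADDRSTRLEN];
    const char *slash = strchr(cidr, '/');
    size_t n = slash ? (size_t)(slash - cidr) : strlen(cidr);
    long prefix = 32;
    struct in_addr a;
    uint32_t mask;

    if (n == 0 || n >= sizeof net)
        return 0;
    memcpy(net, cidr, n);
    net[n] = '\0';
    if (slash) {
        char *end;
        prefix = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || prefix < 0 || prefix > 32)
            return 0;
    }
    if (inet_pton(AF_INET, net, &a) != 1)
        return 0;
    mask = prefix == 0 ? 0 : 0xFFFFFFFFu << (32 - prefix);
    return (ntohl(a.s_addr) & mask) == (addr & mask);
}

/* First matching rule wins; unparsable or unlisted clients get the default. */
const char *priority_for_client(const struct prio_rule *rules, size_t nrules,
                                const char *client_ip)
{
    struct in_addr a;

    if (client_ip == NULL || inet_pton(AF_INET, client_ip, &a) != 1)
        return DEFAULT_PRIORITY;
    for (size_t i = 0; i < nrules; i++)
        if (cidr_contains(rules[i].cidr, ntohl(a.s_addr)))
            return rules[i].priority;
    return DEFAULT_PRIORITY;
}

const char *sample_priority(const char *client_ip)
{
    return priority_for_client(sample_rules,
                               sizeof sample_rules / sizeof sample_rules[0],
                               client_ip);
}

#ifdef USE_GNUTLS
#include <gnutls/gnutls.h>
/* Apply the selected string to a session before the handshake starts. */
int apply_client_priority(gnutls_session_t session, const char *client_ip)
{
    const char *err_pos = NULL;
    int rc = gnutls_priority_set_direct(session, sample_priority(client_ip),
                                        &err_pos);
    if (rc != GNUTLS_E_SUCCESS)
        fprintf(stderr, "priority string rejected near \"%s\": %s\n",
                err_pos ? err_pos : "", gnutls_strerror(rc));
    return rc;
}
#endif

int main(void)
{
    static const char *clients[] = { "198.51.100.23", "203.0.113.70",
                                     "203.0.113.130", "192.0.2.1" };
    for (size_t i = 0; i < 4; i++)
        printf("%-15s -> %-14s (catch-all rule: %s)\n", clients[i],
               sample_priority(clients[i]),
               priority_for_client(catch_all, 1, clients[i]));
    return 0;
}
```

Building with -DUSE_GNUTLS and linking against GnuTLS 2.2 or later compiles in the session call; without it only the selection logic is built.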




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#402861; Package libgnutls13. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+debian-packages@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #60 received at 402861@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+debian-packages@zugschlus.de>
To: Simon Josefsson <simon@josefsson.org>, 390712@bugs.debian.org
Cc: Stian Jordet <stian@jordet.net>, Marc Fargas <telenieko@telenieko.com>, Hanno 'Rince' Wagner <wagner@rince.de>, 402861@bugs.debian.org
Subject: Re: Bug#390712: Nokia/Ericsson MAC padding problem
Date: Mon, 4 Feb 2008 14:12:54 +0100
On Mon, Feb 04, 2008 at 12:09:17PM +0100, Simon Josefsson wrote:
> I believe we have identified that the problem in this bug is the MAC
> padding.  We brought this up on the IETF TLS list:
> 
> http://thread.gmane.org/gmane.ietf.tls/3079
> 
> Pasi forwarded this to the Symbian TLS team, and my understanding is
> that it is a known bug with the Symbian TLS implementation.

At least we know who's at fault here.

> GnuTLS won't change the default to cater with broken implementations, at
> least not without more justification that it is a widespread problem.  I
> think this bug can be resolved as 'wontfix'.

I agree.

> I recommend that applications offer a way to set the GnuTLS priority
> string in a configuration file, and to default it to 'NORMAL'.  It is
> extra good if the application allows users to set the GnuTLS priority on
> a per-IP basis, so that administrators don't have to decrease security
> to cater for a few broken devices.

Since mobile phones usually connect with a dynamic IP address, this
will most probably end up with a 0.0.0.0/0.0.0.0 netmask though.

> Given this, I think gnutls has done what it can about this bug, and it
> might be appropriate to even close it, rather than leaving it in
> wontfix.
> 
> Is there anything more we can do about this bug?  Suggestions are most
> welcome.

I'd love to have some permanent reference that can be found by Symbian
device owners and referenced in response to new bug reports.

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 3221 2323190




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#402861; Package libgnutls13. Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #65 received at 402861@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 390712@bugs.debian.org, Stian Jordet <stian@jordet.net>, Marc Fargas <telenieko@telenieko.com>, "Hanno 'Rince' Wagner" <wagner@rince.de>, 402861@bugs.debian.org
Subject: Re: Bug#390712: Nokia/Ericsson MAC padding problem
Date: Mon, 04 Feb 2008 15:04:56 +0100
Marc Haber <mh+debian-packages@zugschlus.de> writes:

>> I recommend that applications offer a way to set the GnuTLS priority
>> string in a configuration file, and to default it to 'NORMAL'.  It is
>> extra good if the application allows users to set the GnuTLS priority on
>> a per-IP basis, so that administrators don't have to decrease security
>> to cater for a few broken devices.
>
> Since mobile phones usually connect with a dynamic IP address, this
> will most probably end up with a 0.0.0.0/0.0.0.0 netmask though.

True..  however some may know which IP addresses are affected, so making
this possible would be useful.  At least I could list the networks of my
3G provider.

>> Given this, I think gnutls has done what it can about this bug, and it
>> might be appropriate to even close it, rather than leaving it in
>> wontfix.
>> 
>> Is there anything more we can do about this bug?  Suggestions are most
>> welcome.
>
> I'd love to have some permanent reference that can be found by Symbian
> device owners and referenced in response to new bug reports.

Good idea.  I'm trying to find a good place in the manual to discuss
'MAC padding' and its interop problems.

/Simon




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#402861; Package libgnutls13. Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #70 received at 402861@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: 390712@bugs.debian.org, Stian Jordet <stian@jordet.net>, Marc Fargas <telenieko@telenieko.com>, "Hanno 'Rince' Wagner" <wagner@rince.de>, 402861@bugs.debian.org
Subject: Re: Bug#390712: Nokia/Ericsson MAC padding problem
Date: Mon, 04 Feb 2008 15:38:47 +0100
Simon Josefsson <simon@josefsson.org> writes:

>>> Given this, I think gnutls has done what it can about this bug, and it
>>> might be appropriate to even close it, rather than leaving it in
>>> wontfix.
>>> 
>>> Is there anything more we can do about this bug?  Suggestions are most
>>> welcome.
>>
>> I'd love to have some permanent reference that can be found by Symbian
>> device owners and referenced in response to new bug reports.
>
> Good idea.  I'm trying to find a good place in the manual to discuss
> 'MAC padding' and its interop problems.

Added:

http://www.gnu.org/software/gnutls/manual/html_node/On-Record-Padding.html

/Simon




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#402861; Package libgnutls13. Full text and rfc822 format available.

Acknowledgement sent to Marc Fargas <telenieko@telenieko.com>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #75 received at 402861@bugs.debian.org (full text, mbox):

From: Marc Fargas <telenieko@telenieko.com>
To: Marc Haber <mh+debian-packages@zugschlus.de>
Cc: Simon Josefsson <simon@josefsson.org>, 390712@bugs.debian.org, Stian Jordet <stian@jordet.net>, Hanno 'Rince' Wagner <wagner@rince.de>, 402861@bugs.debian.org
Subject: Re: Bug#390712: Nokia/Ericsson MAC padding problem
Date: Mon, 04 Feb 2008 16:25:30 +0100
On Mon, 04-02-2008 at 14:12 +0100, Marc Haber wrote:
> On Mon, Feb 04, 2008 at 12:09:17PM +0100, Simon Josefsson wrote:
> I'd love to have some permanent reference that can be found by Symbian
> device owners and referenced in response to new bug reports.
> 
> Greetings
> Marc

Here's an E60 and N95 owner (and a [currently] broken E61 too) glad to
test things ;)

The easiest to play with is the N95 as it's my phone but can try stuff
in the E60 also without problem.

So just ask for anything you want me to try ;)

Cheers,
Marc
-- 
http://www.marcfargas.com -- will be finished some day.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#402861; Package libgnutls13. Full text and rfc822 format available.

Acknowledgement sent to Simon Josefsson <simon@josefsson.org>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #80 received at 402861@bugs.debian.org (full text, mbox):

From: Simon Josefsson <simon@josefsson.org>
To: 402861@bugs.debian.org
Subject: Tagging as wontfix
Date: Tue, 05 Feb 2008 09:02:28 +0100
tag 402861 wontfix
thanks

I'm tagging this bug as wontfix because I don't see us doing much more
about it.  The problem appears to be well understood now.  We decided
not to change the implementation's default behaviour.  We offer
workarounds for the bug for applications, and the problem and
workarounds are discussed in the GnuTLS manual [1].

If there is anything more we could do here, feel free to raise it in
this bug.  (I'm assuming wontfix bugs aren't archived?)

Thanks,
/Simon

[1] http://www.gnu.org/software/gnutls/manual/html_node/On-Record-Padding.html




Tags added: wontfix Request was from Simon Josefsson <simon@josefsson.org> to control@bugs.debian.org. (Tue, 05 Feb 2008 08:03:03 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>:
Bug#402861; Package libgnutls13. Full text and rfc822 format available.

Acknowledgement sent to Marc Haber <mh+pkg-gnutls-maint@zugschlus.de>:
Extra info received and forwarded to list. Copy sent to Debian GnuTLS Maintainers <pkg-gnutls-maint@lists.alioth.debian.org>. Full text and rfc822 format available.

Message #87 received at 402861@bugs.debian.org (full text, mbox):

From: Marc Haber <mh+pkg-gnutls-maint@zugschlus.de>
To: Simon Josefsson <simon@josefsson.org>
Cc: 402861@bugs.debian.org, pkg-gnutls-maint@lists.alioth.debian.org
Subject: Bug 402861, GnuTLS and Symbian Phones
Date: Tue, 15 Jul 2008 19:31:45 +0200
On Tue, Feb 05, 2008 at 09:02:28AM +0100, Simon Josefsson wrote:
> I'm tagging this bug as wontfix because I don't see us doing much more
> about it.  The problem appears to be well understood now.  We decided
> not to change the implementation's default behaviour.  We offer
> workarounds for the bug for applications, and the problem and
> workarounds are discussed in the GnuTLS manual [1].

I have forwarded the issue to exim upstream in February. They'd love
to see some code illustrating what to do.

Is there anybody willing to help?

The upstream bugzilla can be found here
http://bugs.exim.org/show_bug.cgi?id=665

Greetings
Marc

-- 
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mail address in header
Mannheim, Germany  |  lose things."    Winona Ryder | Phone: *49 621 72739834
Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 72739835






Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 04:51:18 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.