FS#70421 - [gnutls] Changing session_id during HelloRetryRequest

Attached to Project: Arch Linux
Opened by Vignesh Balasubramaniam (viggy96) - Monday, 12 April 2021, 14:51 GMT
Last edited by Andreas Radke (AndyRTR) - Thursday, 10 June 2021, 18:30 GMT
Task Type Bug Report
Category Upstream Bugs
Status Closed
Assigned To Andreas Radke (AndyRTR)
Architecture All
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description: GnuTLS is causing failures against TLS 1.3 servers

Additional information is available here: https://github.com/traefik/traefik/issues/8038
This task depends upon

Closed by  Andreas Radke (AndyRTR)
Thursday, 10 June 2021, 18:30 GMT
Reason for closing:  Fixed
Additional comments about closing:  gnutls 3.7.2-1
Comment by loqs (loqs) - Monday, 12 April 2021, 16:28 GMT
Please try the attached patch, after testing please revert to the unpatched package. Please also consider reporting the issue upstream [1].

[1] https://gitlab.com/gnutls/gnutls/-/issues
   test.patch (0.6 KiB)
Comment by Andreas Radke (AndyRTR) - Tuesday, 13 April 2021, 14:33 GMT
https://gitlab.com/gnutls/gnutls/-/issues?scope=all&utf8=%E2%9C%93&state=opened&search=TLS+1.3
Comment by loqs (loqs) - Saturday, 17 April 2021, 21:36 GMT
https://gitlab.com/gnutls/gnutls/-/merge_requests/1410/commits may give you an option to work around the issue, if clients expose it, if you do not want to report the issue upstream.
Comment by Vignesh Balasubramaniam (viggy96) - Wednesday, 21 April 2021, 22:26 GMT
Bug has been filed with upstream GnuTLS: https://gitlab.com/gnutls/gnutls/-/issues/1210
Comment by Vignesh Balasubramaniam (viggy96) - Wednesday, 21 April 2021, 22:27 GMT
For now, I have downgraded to GnuTLS 3.7.0-1
Comment by Vignesh Balasubramaniam (viggy96) - Friday, 23 April 2021, 18:16 GMT
Issue has been fixed upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/1411

Loading...