Hello,

Provoked by this issue[1], I started thinking about updating the minimum version of Nettle required by GnuTLS. Currently it's 3.6, while 3.10 was released 1.5 years ago. By updating it, we can eliminate the bundled copies of RSA-OAEP, AES-GCM-SIV, and SHAKE implementations, as well as the CVE-2021-4209 fix. Given Nettle 3.10.2 is ABI compatible with 3.6, I'm assuming that there is little impact to downstreams.

Any thoughts?

Footnotes:
[1] https://gitlab.com/gnutls/gnutls/-/issues/1759

-- 
Daiki Ueno
