Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-10-05 Thread mcatanzaro
On Fri, Oct 5, 2018 at 5:21 PM, Nathanael D. Noblet wrote: Ok, I can help with the debugging if needed. I just didn't know what stack this was built on. Let me know if/what you'd like me to do. Honestly I have no clue since the code seems foolproof. A bug report at

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-10-05 Thread Nathanael D. Noblet
On Fri, 2018-10-05 at 17:14 +0200, mcatanz...@gnome.org wrote:
> On Fri, Oct 5, 2018 at 4:54 PM, Nathanael D. Noblet <nathan...@gnat.ca> wrote:
> > Ok, so should I be filing a bug and if so against which component? I wasn't sure if the google online accounts part of GNOME used GnuTLS

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-10-05 Thread mcatanzaro
On Fri, Oct 5, 2018 at 4:54 PM, Nathanael D. Noblet wrote: Ok, so should I be filing a bug and if so against which component? I wasn't sure if the google online accounts part of GNOME used GnuTLS or not. It uses glib-networking, which does use GnuTLS. glib-networking already enables SNI (off

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-10-05 Thread Nathanael D. Noblet
On Thu, 2018-10-04 at 21:33 +0200, Michael Schwendt wrote:
>
> Yes. If Google hands out certificates for other secure services in the same way as it does on its IMAP servers, any other TLS based client will need to be developed further.

Ok, so should I be filing a bug and if so against

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-10-04 Thread Michael Schwendt
On Wed, 26 Sep 2018 09:20:30 -0600, Nathanael D. Noblet wrote:
> I get what I think is a similar error with the google 'Online accounts'
>
> I get a certificate error. The message is:
>
> "No SNI provided; please fix your client."
>
> Would this be a related issue?

Yes. If Google hands out

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-09-27 Thread Nathanael D. Noblet
On Sat, 2018-09-22 at 22:32 +0200, Michael Schwendt wrote:
> On Wed, 18 Jul 2018 17:26:06 -0400, Ben Cotton wrote:
>
> > This change enables TLS 1.3 (draft28) support on the gnutls crypto library.
> > == Upgrade/compatibility impact ==
> > That change should have no impact on upgrade or

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-09-24 Thread Michael Schwendt
On Mon, 24 Sep 2018 11:27:49 +0200, Florian Weimer wrote:
> Actually, I assume Google simply made a mistake here. But this is getting off-topic.

As I've mentioned in the Fedora bugzilla ticket, pointing at the gnutls API is not a solution. libetpan upstream would appreciate a pull request.

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-09-24 Thread Florian Weimer
* Nicolas Mailhot:
> The RFC clearly states there is ongoing work to remove any issue that would prevent use of SNI everywhere. And you assume Google cares more about scalability, than about mixing traffic as much as possible, to avoid third parties interfering with the way it wants its

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-09-24 Thread Nicolas Mailhot
On 2018-09-24 08:49, Florian Weimer wrote: * Nicolas Mailhot: On Sunday, 23 September 2018 at 22:39 +0200, Florian Weimer wrote: In Google's case, there is only one server, imap.gmail.com: That's the public name, nothing stops

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-09-24 Thread Florian Weimer
* Nicolas Mailhot:
> On Sunday, 23 September 2018 at 22:39 +0200, Florian Weimer wrote:
>> > On Sun, Sep 23, 2018 at 10:14 AM, Nicolas Mailhot
>> >
>> To be honest, this looks like a misconfiguration of the Google servers.
>
> Actually, this is probably a "we can finally declare IE6 dead

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-09-23 Thread Nicolas Mailhot
On Sunday, 23 September 2018 at 22:39 +0200, Florian Weimer wrote:
> > On Sun, Sep 23, 2018 at 10:14 AM, Nicolas Mailhot
> >
> To be honest, this looks like a misconfiguration of the Google servers.

Actually, this is probably a "we can finally declare IE6 dead and use SNI everywhere" moment

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-09-23 Thread Florian Weimer
> On Sun, Sep 23, 2018 at 10:14 AM, Nicolas Mailhot wrote:
>> ??? That's not a Google choice, SNI is one of the Mandatory-to-Implement Extensions in TLS 1.3. You'll need it to connect to anything that claims TLS 1.3 (which will be everyone as soon as someone publishes a hole in

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-09-23 Thread mcatanzaro
On Sun, Sep 23, 2018 at 10:14 AM, Nicolas Mailhot wrote: ??? That's not a Google choice, SNI is one of the Mandatory-to-Implement Extensions in TLS 1.3. You'll need it to connect to anything that claims TLS 1.3 (which will be everyone as soon as someone publishes a hole in TLS 1.2) Of course

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-09-23 Thread Nicolas Mailhot
On Sunday, 23 September 2018 at 09:40 -0500, mcatanz...@gnome.org wrote:
>
> There's really nothing more to say about the problem than what's explained there. If you want to connect to Google with TLS 1.3 you're going to have to use SNI, because Google has decided to require it.

???

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-09-23 Thread mcatanzaro
On Sun, Sep 23, 2018 at 7:57 AM, Michael Schwendt wrote: That an update for SNI may be required is clear, but it doesn't answer the question where a change will be needed. The Claws Mail developers will have to investigate. The right place will be close to all the other uses of GnuTLS,

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-09-23 Thread Michael Schwendt
On Sat, 22 Sep 2018 16:32:07 -0500, mcatanzaro gnome org wrote:
> You'll need to add a call to gnutls_server_name_set(), see:
>
> https://www.gnutls.org/manual/gnutls.html#Server-name-indication

That an update for SNI may be required is clear, but it doesn't answer the question where a change

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-09-22 Thread mcatanzaro
On Sat, Sep 22, 2018 at 3:32 PM, Michael Schwendt wrote: Apparently, this change breaks Google Mail IMAP for Claws Mail. https://bugzilla.redhat.com/1629151 You'll need to add a call to gnutls_server_name_set(), see: https://www.gnutls.org/manual/gnutls.html#Server-name-indication The

Re: F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-09-22 Thread Michael Schwendt
On Wed, 18 Jul 2018 17:26:06 -0400, Ben Cotton wrote:
> This change enables TLS 1.3 (draft28) support on the gnutls crypto library.
> == Upgrade/compatibility impact ==
> That change should have no impact on upgrade or compatibility. The TLS 1.3 protocol is designed in a way that does not

F29 Self-Contained Change: GnuTLS enables TLS 1.3 by default

2018-07-18 Thread Ben Cotton
== Summary ==
This change enables TLS 1.3 (draft28) support on the gnutls crypto library.

== Owner ==
* Name: Nikos Mavrogiannopoulos

== Detailed Description ==
This change will enable the TLS 1.3 protocol (draft28) on the gnutls library. TLS 1.3 is the latest version of the TLS protocol which