Florian Weimer <f...@deneb.enyo.de> writes:

> * Simon Josefsson:
>
>> FWIW, the latest stable GnuTLS version with RFC 5746 support is not
>> even in testing, so it won't be part of even the next stable.
>
> What would be required to get a backport of RFC 5746 support into the
> current stable (considering that we do not want to incorporate too
> many unrelated changes)?

Someone to move the changes from the 2.10.x branch back on to 2.8.x, and to make sure it is working properly. There are self tests to check that a backport is working:

http://git.savannah.gnu.org/cgit/gnutls.git/tree/tests/safe-renegotiation

The new API to query whether the extension is negotiated or not is also needed, but that shouldn't cause any problems as far as I can see. A binary using the new API wouldn't work with the original gnutls in stable, though, but I think that is an acceptable price?

/Simon