On 01/23/2012 10:18 PM, Daniel Stenberg wrote:
> On Mon, 23 Jan 2012, Daniel Stenberg wrote:
>
>> We only had a total of 210 commits in curl between 7.22.0 and 7.23.0
>> so bisecting shouldn't be too time consuming if the procedure to get
>> the bug to appear isn't too slow.
>
> Ok, so my bisecting identified the attached commit as the offender. If I
> revert this change the libmicrohttpd test seems to run correctly again.
>
> I would appreciate if someone else helped me verify this.

It doesn't look right. I'd change "-VERS-TLS-ALL:+VERS-SSL3.0" with
"NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0".

However your priority string seems quite radical. You only allow SSL 3.0.
If you care about interoperability I'd suggest a string similar to
http://www.gnu.org/software/gnutls/manual/html_node/Interoperability.html
but even then you have issues like being vulnerable to the "beast" attack.

regards,
Nikos

btw. gnutls 3.0.12 added a check for gnutls_priority_set_direct() to fail
if given a string that adds no actual priorities (like the above).
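
A small lint for the two priority strings discussed above, as an added example that is not part of the original mail and not GnuTLS code. It is a simplified model: only base keywords and `VERS-*` tokens are interpreted, and the version set a base keyword enables is an assumption.

```python
# Simplified model of a GnuTLS priority string, for linting configuration.
# NOT GnuTLS's parser: only base keywords and VERS-* tokens are modelled.

BASE_KEYWORDS = {"NORMAL", "PERFORMANCE", "SECURE128", "SECURE256"}
# Assumption: protocol versions a base keyword enables.
BASE_VERSIONS = {"SSL3.0", "TLS1.0", "TLS1.1", "TLS1.2"}


def lint_priority(prio):
    """Return finding codes for a priority string (empty list = none)."""
    tokens = [t for t in prio.split(":") if t]
    has_base = bool(tokens) and tokens[0] in BASE_KEYWORDS
    versions = set(BASE_VERSIONS) if has_base else set()
    # Ciphers, key exchange and MACs normally come from the base keyword.
    adds_algorithms = has_base

    for tok in (tokens[1:] if has_base else tokens):
        op, name = tok[0], tok[1:]
        if op not in "+-!":
            continue  # NONE, %FLAGS and unknown tokens are outside this model
        if name == "VERS-TLS-ALL":
            versions = set(BASE_VERSIONS) if op == "+" else set()
        elif name.startswith("VERS-"):
            ver = name[len("VERS-"):]
            if op == "+":
                versions.add(ver)
            else:
                versions.discard(ver)
        elif op == "+":
            adds_algorithms = True  # explicit cipher/kx/MAC addition

    findings = []
    if not adds_algorithms:
        findings.append("no-algorithms")  # string adds no actual priorities
    if not versions:
        findings.append("no-versions")
    elif versions == {"SSL3.0"}:
        findings.append("ssl3-only")      # interoperability and BEAST concern
    return findings


if __name__ == "__main__":
    for s in ("-VERS-TLS-ALL:+VERS-SSL3.0",
              "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0",
              "NORMAL"):
        print(s, "->", lint_priority(s) or "ok")
```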
