On Sat, 2016-03-19 at 07:51 -0700, Watson Ladd wrote: > On Fri, Mar 18, 2016 at 4:31 PM, Peter Gutmann > <pgut...@cs.auckland.ac.nz> wrote: > > > > Watson Ladd <watsonbl...@gmail.com> writes: > > > > > > > > Then use a padding extension that solves all problems, instead of > > > relying on > > > a side effect of CBC mode. > > It's not a "side-effect of CBC mode", CBC mode allows padding > > packets, GCM > > doesn't, see Colm MacCárthaigh's recent post on the topic. > GnuTLS is the only implementation that pads to more than 16 byte > boundaries
This is no longer true. We disabled that feature few years ago since it was the main cause for several compatibility failures. The failures were with other broken implementations, but no-one cares who is at fault if the session doesn't work. regards, Nikos _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
