14408 – Samba's tls library uses gnutls_priority_set_direct() instead of gnutls_set_default_priority(,_append)

Bug 14408 - Samba's tls library uses gnutls_priority_set_direct() instead of gnutls_set_default_priority(,_append)

Summary: Samba's tls library uses gnutls_priority_set_direct() instead of gnutls_set_d...

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	AD: LDB/DSDB/SAMDB (show other bugs)
Version:	4.12.2
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Andreas Schneider
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-06-15 09:55 UTC by Andreas Schneider
Modified:	2020-07-01 15:28 UTC (History)
CC List:	2 users (show)

See Also:

Attachments
patch for 4.12 (8.37 KB, patch) 2020-06-18 11:30 UTC, Andreas Schneider	asn: review? (ab)	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Schneider 2020-06-15 09:55:48 UTC

Samba doesn't honor the default priority list for TLS cihpers making it hard to get rid of legacy algorithms and setting sane system wide defaults.

Patch will follow.

Comment 1 Andreas Schneider 2020-06-18 11:30:24 UTC

Created attachment 16059 [details]
patch for 4.12

Comment 2 Andreas Schneider 2020-07-01 15:28:01 UTC

This is broken in GnuTLS.