Bug 14408 - Samba's tls library uses gnutls_priority_set_direct() instead of gnutls_set_default_priority(,_append)
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.12.2
Hardware: All All
Importance: P5 normal
Target Milestone: ---
Assignee: Andreas Schneider
QA Contact: Samba QA Contact
Depends on:
Reported: 2020-06-15 09:55 UTC by Andreas Schneider
Modified: 2020-07-01 15:28 UTC

patch for 4.12 (8.37 KB, patch)
2020-06-18 11:30 UTC, Andreas Schneider
asn: review? (ab)

Description Andreas Schneider 2020-06-15 09:55:48 UTC
Samba doesn't honor the default priority list for TLS ciphers, making it hard to get rid of legacy algorithms and to set sane system-wide defaults.

Patch will follow.
Comment 1 Andreas Schneider 2020-06-18 11:30:24 UTC
Created attachment 16059
patch for 4.12
Comment 2 Andreas Schneider 2020-07-01 15:28:01 UTC
This is broken in GnuTLS.