[exim-dev] [Bug 390] New: Should optionally tempfail if no e…

Top Pagina
Delete this message
Reply to this message
Auteur: World Wide Web Owner
Datum:  
Aan: exim-dev
Onderwerp: [exim-dev] [Bug 390] New: Should optionally tempfail if no entropy available
http://www.exim.org/bugzilla/show_bug.cgi?id=390

           Summary: Should optionally tempfail if no entropy available
           Product: Exim
           Version: 4.63
          Platform: All
               URL: http://bugs.debian.org/387448
        OS/Version: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: TLS
        AssignedTo: ph10@???
        ReportedBy: mh+exim-bugzilla@???
         QAContact: exim-dev@???



Hi,

GnuTLS is flawed because it uses up way too much entropy. Since exim on Debian
links against GnuTLS, we keep having this problem.

The issue reported to the Debian BTS in #387448 is that exim currently can be
DoSsed by opening multiple SMTP connections and issueing STARTTLS commands
there. In that situation, exim blocks and waits for more entropy.

In the opinion of the bug reporter, exim should not block but instead issue a
temporary failure to allow the remote side to continue without encryption.
Personally, I do not fully agree with the reporter here, but I have to forward
the issue upstream anyway. It would probably be an acceptable option to have
exim's behavior configurable in this regard, allowing the local admin to choose
whether to block or to issue a temp failure.

The original bug report has a lot more reasoning which I am not going to repeat
here.

Greetings
Marc



------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.