I learned (or didn't actually learn?) more than I ever wanted to know about #GnuTLS with #OpenLDAP in #Debian.
I still didn't manage to make OpenLDAP only support TLSv1.3 without (potentially) breaking the rest of the system. Would be trivial with OpenSSL backend as you could just set the minimum TLS version in OpenLDAP, but well. Hopefully future releases of Debian will implement "crypto-policies" like in #Fedora.
https://codeberg.org/fkooman/paste/src/branch/main/LDAP_SETUP.md#tls-hardening
Plenty of new APIs added to Guile GnuTLS beta version 3.7.13, please give us feedback before the next stable release! #guile #gnutls https://lists.gnutls.org/pipermail/gnutls-help/2023-July/004832.html
@briellebouquet pointed out that the GnuTLS library, when spelled in lowercase, looks like it's pronounced "gnoodles" and I can't unsee it #gnutls
Serious Security: GnuTLS follows OpenSSL, fixes timing attack bug - Conditional code considered cryptographically counterproductive. https://nakedsecurity.sophos.com/2023/02/13/serious-security-gnutls-follows-openssl-fixes-timing-attack-bug/ #cryptography #timingattack #crypto #gnutls
That's another late impact of the famous letsencrypt intermediate certificate change ...
I will just open a bug on #gnutls when my brain has cooled a little.
Chasing in between #ubuntu and #debian packaging of cadaver (yes, it's the program name), I finally found that it was not related to the build but to system CA certificates.
ca-certificates are not the same, and there is an expired CA on Debian that just confuses GnuTLS, which stops reading the following CAs.
Depending on when this expired CA is in the list, the server certificate will be accepted or not.
Just a #gnutls one.
Introduction to certificate compression with #GnuTLS: https://www.redhat.com/sysadmin/gnutls-certificate-compression
Guile-GnuTLS v3.7.11 released! https://lists.gnutls.org/pipermail/gnutls-help/2022-December/004799.html
#gnutls #guile #gnu
#GnuTLS, are you drunk?
> activated `2022-11-02 13:10:41 UTC', expires `2023-01-31 13:10:40 UTC'
> activated `2020-09-04 00:00:00 UTC', expires `2025-09-15 16:00:00 UTC'
> activated `2021-01-20 19:14:03 UTC', expires `2024-09-30 18:14:03 UTC'
> The certificate chain uses expired certificate.
Saturday night bike-shedding?
#GnuTLS code indentation https://gitlab.com/gnutls/gnutls/-/merge_requests/1671
#Guix word nit-picking https://lists.gnu.org/archive/html/guix-devel/2022-11/msg00298.html
16:55 - just finished a refactor + new features of the #TLS app I mentioned t'other day...
It's a #CLI app/consumable #NodeJS lib which you can feed >= 1 ciphersuite name & it'll tell you which clients/browsers will be able to negotiate a TLS connection (saves messing with servers) or you can feed it >= 1 ciphersuite (in a mix of formats) + a dest type (#IANA, #OpenSSL, #GNUTLS or Hex code) & it'll convert them to that format.
Used #SQLite for the first time via https://github.com/WiseLibs/better-sqlite3
GnuTLS patches memory mismanagement bug – update now! - GnuTLS may well be the most widespread cryptographic toolkit you've never heard of. Learn... https://nakedsecurity.sophos.com/2022/08/01/gnutls-patches-memory-mismanagement-bug-update-now/ #vulnerability #cve-2022-2509 #cryptography #double-free #heartbleed #gnutls
New software releases from the GNU project, April and May 2017 https://linuxfr.org/news/nouvelles-versions-logicielles-du-projet-gnu-avril-et-mai-2017 #libcdio-paranoia #libmicrohttpd #linux-libre #diffutils #freedink #orgadoc #artanis #libidn2 #global #gnubik #gnutls #icecat #ocrad #gnupg #emacs #grub2 #guile #nano #kawa #acct #less #emms #grub #gnu #gcc #bc