I'm not quite sure about the current GnuTLS scare (see anarc.at/blog/2020-06-10-gnutl).

Yes, it's a nasty bug, but it's server-side. You're affected when talking to a server that makes use of TLS session tickets and relies on the implementation in GnuTLS. It doesn't matter if tons of client software use the library. I'd be surprised if session tickets get much use outside of https, so even server software like exim might be unaffected in practice.

GnuTLS advisory: gnutls.org/security-new.html#G


Well ok, it's last month's GnuTLS scare really. I hate blog posts without timestamps (yes it's visible in the URL, but I didn't really notice until re-reading my post 🙄 )...

@galaxis there's timestamp at the bottom of the page, but i would expect at at the top under the title, too
Sign in to participate in the conversation
INFRa Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!