GnuTLS: Big internal bugs, few real-world problems

Yes, GnuTLS has major security holes. So what? Almost no one uses it in ways where it could be vulnerable to fraud.
Written by Steven Vaughan-Nichols, Senior Contributing Editor

According to some reports you'd think the security sky was falling. Yes, GnuTLS, an open-source "secure" communications library that implements \Secure-Socket Layer (SSL) and Transport Layer Security (TLS), has serious flaws. The good news? Almost no one uses it. OpenSSL has long been everyone's favorite open-source security library of choice.

GnuTLS Logo
GnuTLS Logo

Red Hat discovered the latest in a long-series of GnuTLS bugs .

Latest? Yes, latest.

You see, GnuTLS has long been regarded as being a poor SSL/TLS security library. A 2008 message on the OpenLDAP mailing list had "GnuTLS considered harmful" as its subject — which summed it up nicely. 

In it, Howard Chu, chief architect for the OpenLDAP, the open-source implementation of the Lightweight Directory Access Protocol (LDAP), wrote, "In short, the code is fundamentally broken; most of its external and internal APIs are incapable of passing binary data without mangling it. The code is completely unsafe for handling binary data, and yet the nature of TLS processing is almost entirely dependent on secure handling of binary data. I strongly recommend that GnuTLS not be used. All of its APIs would need to be overhauled to correct its flaws and it's clear that the developers there are too naive and inexperienced to even understand that it's broken." 

With GnuTLS's most recent and perhaps biggest failure to date, Red Hat found that GnuTLS, when shown a specially rigged kind of bogus SSL certificate, would fail to see that the certificate was a fake.

The project itself, despite its name, is no longer associated with GNU or GNU/Linux. Its chief designer, Nikos Mavrogiannopoulos, had "a major disagreement with the Free Software Foundation's (FSF) decisions and practices. He then made it an independent project.

None of this has stopped some people from using GnuTLS. The usual reason is that its license, the Lesser Gnu Public License (LGPL), is considered more compatible with GPL licensed software such as Linux, than OpenSSL's BSD style open-source license.

There have been claims that "more than 200 different operating systems or applications rely on GnuTLS to implement crucial SSL and TLS operations." This statement was based on a single Debian user group discussion.

When I looked at this message thread the examples cited were multiple Debian network programs such as exim4, a mail transfer agent; cups, a print server; wget, a file retrieval program; and network-manager, a program used to set up network connections, relied on GnuTLS. Doing my digging I also found that Ubuntu uses GnuTLS with OpenLDAP. Whoops!

Now, make no mistake about it these are all important programs but none of them are used for financial transfers or other situations where a man-in-the-middle attack is likely to cause significant damage. In short, while the code's a real mess, it's highly unlikely anyone in danger of losing credit-card numbers to it. The Apple iOS and Mac OS X goto problem was much more serious.

In the real world almost all open-source based Web servers use OpenSSL. Of the two most popular open-source Web browsers Apache uses OpenSSL by default and nginx requires OpenSSL.

To sum up, no one should be using GnuTLS. There are far better security programs out there starting with the far more popular OpenSSL. If for some reason you must use GnuTLS for now, either upgrade to the latest GnuTLS version (3.2.12) or apply the GnuTLS 2.12.x patch. Oh, and developers? Start weaning your programs from GnuTLS, you, and your users, will be glad you did.  

Related Stories:

Editorial standards