GnuTLS Length Hiding patch.

- Remove random padding; use minimal padding with legacy interface
- With new interface, use LH when possible, that is in CBC mode or with the new padding extension
- Rename priority to "NEW_PADDING"
- gnutls-cli: add command line switch --ranges using LH when possible.
- Update documentation

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

1 files changed, 3 insertions, 3 deletions

diff --git a/tests/mini-record.c b/tests/mini-record.c
index 48cd5ebfb7..8843f37932 100644
--- a/tests/mini-record.c
+++ b/tests/mini-record.c
@@ -397,9 +397,9 @@ static void start (const char* prio)
 #define AES_CBC_SHA256 "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
 #define AES_GCM "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL"
 
-#define NEW_AES_CBC "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL:%RANDOM_PADDING"
-#define NEW_AES_CBC_SHA256 "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL:%RANDOM_PADDING"
-#define NEW_AES_GCM "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL:%RANDOM_PADDING"
+#define NEW_AES_CBC "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+AES-128-CBC:+SHA1:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
+#define NEW_AES_CBC_SHA256 "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+RSA:+AES-128-CBC:+AES-256-CBC:+SHA256:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
+#define NEW_AES_GCM "NONE:+VERS-DTLS1.0:-CIPHER-ALL:+RSA:+AES-128-GCM:+MAC-ALL:+SIGN-ALL:+COMP-ALL:+ANON-ECDH:+CURVE-ALL:%NEW_PADDING"
 
 static void ch_handler(int sig)
 {