3.3.4 On record padding

The TLS protocol allows for random padding of records, to prevent statistical analysis based on the length of exchanged messages (see [RFC5246] GnuTLS appears to be one of few implementation that take advantage of this text, and pad records by a random length.

The TLS implementation in the Symbian operating system, frequently used by Nokia and Sony-Ericsson mobile phones, cannot handle non-minimal record padding. What happens when one of these clients handshake with a GnuTLS server is that the client will fail to compute the correct MAC for the record. The client sends a TLS alert (bad_record_mac) and disconnects. Typically this will result in error messages such as ’A TLS fatal alert has been received’, ’Bad record MAC’, or both, on the GnuTLS server side.

GnuTLS implements a work around for this problem. However, it has to be enabled specifically. It can be enabled by using gnutls_record_disable_padding, or gnutls_priority_set with the %COMPAT priority string (see Priority strings).

If you implement an application that have a configuration file, we recommend that you make it possible for users or administrators to specify a GnuTLS protocol priority string, which is used by your application via gnutls_priority_set. To allow the best flexibility, make it possible to have a different priority string for different incoming IP addresses.