> Appears to be triggered by GnuTLS implementing MAC padding to solve a
> security problem in TLS. OpenSSL reportedly does not implement the same
> work around, and would thus appear to be vulnerable to that problem.
>
> Conclusion: Appears to be a ‘wontfix’ bug. Personally, I think GnuTLS could
> provide a simpler mechanism to disable MAC padding if applications deem
> this necessary. Someone could double check how important the MAC padding
> security concern is.

This padding of TLS is not to work-around a TLS security problem. It is the CBC padding described in TLS 1.0 which protects TLS record packets against statistical analysis of data. I.e in ARCFOUR (stream) if you transmit 5 bytes, the encrypted data will be 5 bytes. In openssl CBC (which doesn’t use this feature) if you transmit 5 bytes with AES it would output 16 encrypted data. In gnutls the encrypted output varies and can be any number between 16-255 (of course it would be a multiple blocks).

So in that aspect gnutls is more secure than other alternatives in the sense that no eavesdropper can guess anything about the text by looking the size of the ciphertext. This is a standard TLS 1.0 and if a client cannot support this it is a buggy one.