gnutls-commit

[SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-20-gc482b90


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_99_1-20-gc482b90
Date: Sun, 08 May 2011 07:56:44 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=c482b905eb262b7c228fe28db591b822abd4c7fc

The branch, master has been updated
       via  c482b905eb262b7c228fe28db591b822abd4c7fc (commit)
      from  5bf19aab9133c615b599d661221d6650939c718b (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c482b905eb262b7c228fe28db591b822abd4c7fc
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Sun May 8 09:52:39 2011 +0200

    Added discussion on compatibility issues.

-----------------------------------------------------------------------

Summary of changes:
 doc/cha-intro-tls.texi |   25 +++++++++++++++++++++++++
 1 files changed, 25 insertions(+), 0 deletions(-)

diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index beb6fb0..78b6f90 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -635,6 +635,31 @@ It might also be useful to be able to check for expired 
sessions in
 order to remove them, and save space. The function
 @ref{gnutls_db_check_entry} is provided for that reason.
 
address@hidden Compatibility issues
+The @acronym{TLS} handshake is a complex procedure that negotiates all
+required parameters for a secure session. @acronym{GnuTLS} supports
+several @acronym{TLS} extensions, as well as the latest known published
+version being @acronym{TLS} 1.2. However few implementations are not able to
+properly interoperate once faced with extensions or version protocols
+they do not support and understand. The @acronym{TLS} protocol allows for 
+graceful downgrade to the commonly supported options, but practice shows that 
+it is not always implemented correctly. 
+
+Because there is no way to handle maximum compatibility with such broken peers
+without sacrificing security, @acronym{GnuTLS} ignores such peers by default. 
+This might not be acceptable in several cases
+thus we allow enabling maximum compatibility with such peers using
+priority strings (see @ref{Priority Strings}). An example priority string that 
will
+disable all supported  @acronym{TLS} protocol versions except for
+the widely supported @acronym{SSL} 3.0 and @acronym{TLS} 1.0
+is shown below:
address@hidden
+NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT
address@hidden example
+This priority string provides wider compatibility to broken peers. 
+We suggest however to use the normal defaults and only switch to such 
compatibility
+modes only when compatibility issues occur.
+
 @node TLS Extensions
 @section TLS Extensions
 @cindex TLS Extensions
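Review bot: the new paragraph has wording defects that should be fixed before the manual is regenerated. "However few implementations are not able to properly interoperate" should read "a few implementations"; as written it says that almost no implementation can interoperate, the opposite of the intended point. "We suggest however to use the normal defaults and only switch to such compatibility modes only when compatibility issues occur" doubles "only", and "disable all supported  @acronym{TLS}" carries a stray double space. More substantively, the text says compatibility with such peers cannot be had "without sacrificing security" but never states what the example string gives up: it should say plainly that "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT" drops every protocol version newer than TLS 1.0, including the TLS 1.2 support the paragraph itself advertises, and %COMPAT is used without any description of what it relaxes, so either a sentence here or a pointer to its entry under @ref{Priority Strings} is needed. Note also that the lines shown as "address@hidden" in this archive are the list's address masking applied to Texinfo commands at line start (the @node and @example/@end example lines), not the content of the commit.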


hooks/post-receive
-- 
GNU gnutls


