gnutls-devel
Re: [Help-gnutls] Default record version


From: Nikos Mavrogiannopoulos
Subject: Re: [Help-gnutls] Default record version
Date: Sat, 21 Feb 2009 13:25:21 +0200
User-agent: Thunderbird 2.0.0.19 (X11/20090105)

Martin von Gagern wrote:
> Hi Nikos, thanks for your reply!
> 
> Nikos Mavrogiannopoulos wrote:
>>> My first question is this: is there a good reason that GnuTLS doesn't
>>> indicate an older record version in accordance with appendix E by default?
>> This is tricky. There are other servers that do not operate well if the
>> client hello version does not match record version. This is the reason
>> why gnutls has this behavior. Of course this was noticed many years ago.
>> I don't know how many servers now have this problem.
> 
> I see, and in that light it might make sense to not have the Appendix E
> behaviour by default. In my opinion, it would be desirable if you could
> at least configure GnuTLS to use that approach, though.

The commit below[0] adds a priority string called SSL3_RECORD_VERSION
that forces a compatibility mode where an SSL 3.0 record version is set
on the client hello. I have backported it to the 2.6 branch as well.

[0].
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=27a05b85c390f3192fcf0c55c1b5c0196e33c727


regards,
Nikos
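
The two version fields this thread is about, shown as an added example that is not part of the original message and is not GnuTLS code: a small C parser that reads the record-layer version and the client hello version from a captured ClientHello record and reports whether they match. The function, type and sample names are hypothetical, and the byte arrays are constructed samples (0x0300 is SSL 3.0, 0x0302 is TLS 1.1).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hello_check { HELLO_MALFORMED = -1, HELLO_SAME, HELLO_RECORD_LOWER, HELLO_RECORD_HIGHER };

struct hello_versions {
    uint16_t record; /* version in the 5-byte record header */
    uint16_t hello;  /* client_version inside the ClientHello body */
};

/* Layout: record header = type(1) version(2) length(2);
 * handshake header = msg_type(1) length(3); then client_version(2). */
enum hello_check check_client_hello(const uint8_t *buf, size_t len,
                                    struct hello_versions *out)
{
    if (buf == NULL || out == NULL || len < 5 + 4 + 2)
        return HELLO_MALFORMED;
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    size_t hs_len = ((size_t)buf[6] << 16) | ((size_t)buf[7] << 8) | buf[8];
    if (buf[0] != 22 || buf[5] != 1)   /* handshake record, client_hello */
        return HELLO_MALFORMED;
    if (rec_len < 4 + 2 || rec_len > len - 5 || hs_len < 2)
        return HELLO_MALFORMED;
    out->record = (uint16_t)((buf[1] << 8) | buf[2]);
    out->hello = (uint16_t)((buf[9] << 8) | buf[10]);
    if (out->record == out->hello)
        return HELLO_SAME;
    return out->record < out->hello ? HELLO_RECORD_LOWER : HELLO_RECORD_HIGHER;
}

/* Constructed samples, cut down to the fields examined (no random,
 * session id or cipher suites follow the client_version). */
static const uint8_t sample_matching[] = { 22, 0x03, 0x02, 0, 6, 1, 0, 0, 2, 0x03, 0x02 };
static const uint8_t sample_ssl3_record[] = { 22, 0x03, 0x00, 0, 6, 1, 0, 0, 2, 0x03, 0x02 };

int main(void)
{
    struct hello_versions v = { 0, 0 };
    int r = check_client_hello(sample_matching, sizeof sample_matching, &v);
    printf("matching:    record=0x%04x hello=0x%04x result=%d\n", v.record, v.hello, r);
    r = check_client_hello(sample_ssl3_record, sizeof sample_ssl3_record, &v);
    printf("ssl3 record: record=0x%04x hello=0x%04x result=%d\n", v.record, v.hello, r);
    return 0;
}
```

The first sample has the record version equal to the client hello version; the second carries an SSL 3.0 record version on a TLS 1.1 client hello, which the parser reports as `HELLO_RECORD_LOWER`.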



