Re: Default record version

[Simon Josefsson]

Martin von Gagern <address@hidden> writes:

> Nikos Mavrogiannopoulos wrote:
>> The commit below adds a priority string called SSL3_RECORD_VERSION
>> that forces a compatibility mode where an SSL 3.0 record version is set
>> on the client hello. I have backported it to 2.6 branch as well.
>
> Pidgin is now using %SSL3_RECORD_VERSION, so I'm looking forward to the
> next releases to actually contain this feature. When will they happen?

The gnutls 2.7.x branch is in a pretty good state.  The only thing I'm
aware of is that we should finish the TLS 1.2 implementation.
Alternatively, we could also disable the TLS 1.2 support until we have
finished the implementation.

(The current TLS 1.2 support is for an old TLS 1.2 draft which doesn't
interoperate with the final TLS 1.2...)

I don't think I will have time to look into this in the next few weeks
though.

Also, this isn't a regression over GnuTLS 2.6.x which has the same
partial TLS 1.2 implementation.  So we could also just document this
fact, and release now.

/Simon