Re: Problem with TLS 1.1 client connecting to TLS 1.0 server

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Problem with TLS 1.1 client connecting to TLS 1.0 server

From:	Roland Dreier
Subject:	Re: Problem with TLS 1.1 client connecting to TLS 1.0 server
Date:	Wed, 26 Aug 2009 22:47:34 -0700
User-agent:	Gnus/5.1008 (Gnus v5.10.8) XEmacs/21.4.21 (linux)

 > So it seems that _gnutls_gen_rsa_client_kx() should be using the
 > active version here, but I'm not sure what the correct real fix within
 > the gnutls design is.  Can someone provide guidance on how to fix this?

Never mind ... after reading the TLS spec more closely, I see that the
client is correct in using the highest version it offered in the
premaster secret.  This is a bug (and apparently a common bug -- it
appears in the ietf TLS interoperability draft) in the server, and I
will report it to the server people.

Sorry for the noise.

 - Roland
-- 
Roland Dreier  <address@hidden>  GPG Key: 1024D/E0EEFAC0
Fingerprint:     A89F B5E9 C185 F34D BD50  4009 37E2 25CC E0EE FAC0

 Sending >500KB attachments is forbidden by the Geneva Convention.
        Your country may be at risk if you fail to comply.

[Prev in Thread]

Current Thread

[Next in Thread]

Problem with TLS 1.1 client connecting to TLS 1.0 server, Roland Dreier, 2009/08/26
- Re: Problem with TLS 1.1 client connecting to TLS 1.0 server, Simon Josefsson, 2009/08/27
- Re: Problem with TLS 1.1 client connecting to TLS 1.0 server, Roland Dreier <=

Prev by Date: Re: Why not SHA256 in cipher suite?
Next by Date: GnuTLS portability fixes
Previous by thread: Re: Problem with TLS 1.1 client connecting to TLS 1.0 server
Next by thread: GnuTLS portability fixes
Index(es):
- Date
- Thread