gnutls-devel

Re: GnuTLS, OpenSSL support for TLS1.1, 1.2


From: Simon Josefsson
Subject: Re: GnuTLS, OpenSSL support for TLS1.1, 1.2
Date: Fri, 29 Jan 2010 14:54:39 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Vivek Dasmohapatra <address@hidden> writes:

>> I don't see anything beyond TLSv1.0 in /usr/include/openssl/tls1.h on my
>> system.  If you have any more reliable information, please let us know.
>
> I ran up against a buggy proprietary server which a user reported
> didn't work with our GnuTLS backend but did with OpenSSL - turned out
> to be because the server exploded in a messy fireball if it saw a
> minor version of the protocol in the client hello that it didn't know
> about, instead of responding with the highest protocol level it
> supported

That's not unusual.  Check the GnuTLS manual on how to make GnuTLS just
talk TLS 1.0 if you can't fix that server.

> (analysed with ssltap from libnss3 - is there an equivalent from
> GnuTLS, btw?):

There is gnutls-cli, but I don't know how it compares.

> The OpenSSL version worked because it only ever advertised TLS1.0,
> and I couldn't find any reference to making it advertise a higher
> version of the protocol. Not conclusive, but it does point to OpenSSL
> not implementing TLS 1.1 or 1.2 (at least in any documented,
> on-by-default way).

Right.

/Simon
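
The version negotiation discussed in this thread, as an added example that is not part of the original message and is not GnuTLS or OpenSSL code: it reads the client_version field out of a ClientHello record and contrasts a tolerant server with the version-intolerant behaviour described above. The function names and the constructed sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Wire versions are {major, minor}: TLS 1.0 = 3.1, TLS 1.1 = 3.2, TLS 1.2 = 3.3 */
#define TLS1_0 0x0301
#define TLS1_2 0x0303

/* Constructed sample: first 11 bytes of a ClientHello advertising TLS 1.2.
   record: type=22, version=3.1, length=0x002f; handshake: type=1, length=0x00002b */
static const uint8_t SAMPLE_HELLO[] = {
    0x16, 0x03, 0x01, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b, 0x03, 0x03
};

/* Return the client_version of a ClientHello (e.g. 0x0303), or -1 if the
   buffer does not start with a handshake record carrying a ClientHello. */
int parse_client_version(const uint8_t *buf, size_t len)
{
    if (len < 11) return -1;               /* 5 record + 4 handshake + 2 version */
    if (buf[0] != 22 || buf[1] != 3) return -1;   /* handshake record, major 3 */
    if (((buf[3] << 8) | buf[4]) < 6) return -1;  /* record too short for a hello */
    if (buf[5] != 1) return -1;            /* handshake type: client_hello */
    return (buf[9] << 8) | buf[10];
}

/* Tolerant server: answer with the highest version both sides support.
   Returns 0 when the client is older than anything the server accepts. */
int negotiate(int client_ver, int server_min, int server_max)
{
    if (client_ver < server_min) return 0;
    return client_ver > server_max ? server_max : client_ver;
}

/* Version-intolerant server as described in the thread: it fails (0)
   on any client_version newer than the one it knows. */
int negotiate_intolerant(int client_ver, int server_max)
{
    return client_ver > server_max ? 0 : client_ver;
}

int main(void)
{
    int cv = parse_client_version(SAMPLE_HELLO, sizeof SAMPLE_HELLO);
    printf("client_version    0x%04x\n", cv);
    printf("tolerant server   0x%04x\n", negotiate(cv, TLS1_0, TLS1_0));
    printf("intolerant server 0x%04x\n", negotiate_intolerant(cv, TLS1_0));
    return 0;
}
```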



