help-gnutls

[Help-gnutls] Re: support for ssl3.0 connection


From: Simon Josefsson
Subject: [Help-gnutls] Re: support for ssl3.0 connection
Date: Wed, 20 Aug 2008 16:42:11 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)

Brian Lavender <address@hidden> writes:

> Thanks for the feedback on the previous questions.
>
> I am looking at the docs for selecting different protocols and different
> ciphersuites. I would like my server connection to attempt ssl3.0 first.
> I see the command gnutls_priority_init, but I am a little unsure how to 
> tell it to attempt ssl3.0 first. What sort of string should I use for
> the command?
>
> const char *error_loc;
>
> gnutls_priority_init(&priority_cache, "NORMAL:SSL3.0", &error_loc);

I don't think it is possible to attempt SSL 3.0 before TLS 1.0: the
highest mutually supported version number will be used.  If both systems
support SSL 3.0, TLS 1.0 and TLS 1.1, the only way to negotiate SSL 3.0
is to disable TLS 1.0 and TLS 1.1.

To disable TLS 1.0 and TLS 1.1 (which are both enabled by default)
you'll want to use a priority string like:

NORMAL:-VERS-TLS1.0:-VERS-TLS1.1

/Simon
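
The negotiation rule described in the reply, as an added example that is not part of the original post and is not GnuTLS code: a simplified model that applies the `VERS` modifiers of two priority strings and picks the highest version both sides still allow. It assumes `NORMAL` enables exactly SSL 3.0, TLS 1.0 and TLS 1.1 (as the reply states for that release); the function names are hypothetical and every other priority-string keyword is ignored.

```c
#include <stdio.h>
#include <string.h>

/* Versions in ascending order; the array index doubles as the rank. */
static const char *const VERSIONS[] = { "SSL3.0", "TLS1.0", "TLS1.1" };
#define NVERS 3

/* Model only (not the GnuTLS parser): return a bitmask of the versions a
 * priority string leaves enabled. Assumption: NORMAL turns on all three. */
unsigned enabled_versions(const char *priority)
{
    char buf[256];
    unsigned mask = 0;

    strncpy(buf, priority, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (char *tok = strtok(buf, ":"); tok; tok = strtok(NULL, ":")) {
        if (strcmp(tok, "NORMAL") == 0) {
            mask = (1u << NVERS) - 1;
        } else if ((tok[0] == '-' || tok[0] == '+') &&
                   strncmp(tok + 1, "VERS-", 5) == 0) {
            for (int i = 0; i < NVERS; i++) {
                if (strcmp(tok + 6, VERSIONS[i]) != 0)
                    continue;
                if (tok[0] == '-') mask &= ~(1u << i);
                else               mask |= 1u << i;
            }
        } /* any other token is ignored in this model */
    }
    return mask;
}

/* Highest version enabled on both sides, or NULL when there is none
 * (the handshake would fail). */
const char *negotiate(const char *server, const char *client)
{
    unsigned common = enabled_versions(server) & enabled_versions(client);
    for (int i = NVERS - 1; i >= 0; i--)
        if (common & (1u << i))
            return VERSIONS[i];
    return NULL;
}

int main(void)
{
    const char *ssl3_only = "NORMAL:-VERS-TLS1.0:-VERS-TLS1.1"; /* from the reply */
    const char *v = negotiate(ssl3_only, "NORMAL");
    printf("default vs default: %s\n", negotiate("NORMAL", "NORMAL"));
    printf("SSL3-only server vs default client: %s\n", v ? v : "(none)");
    return 0;
}
```

A peer that has removed SSL 3.0 (`NORMAL:-VERS-SSL3.0`) shares no version with the SSL3-only string, so `negotiate` returns `NULL` for that pair.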



