Re: [Help-gnutls] Default record version

[Nikos Mavrogiannopoulos]

Martin von Gagern wrote:

>>> It seems that _gnutls_record_set_default_version would provide a way to
>>> get the intended behaviour of an older record version but a recent
>>> client hello version. That function doesn't seem to be intended as part
>>> of the public interface of GnuTLS, though [3]. Why is that?
>> It was meant as a hack to test for buggy servers that I mentioned above.
>> I don't think it should be normally used. A better solution would be to
>> have a priority string %RFC4346 that would enforce that behavior. What
>> do you think on that?
> 
> The reference to RFC 4346 in your sentence confuses me, especially as I
> see no reference to a "priority string" in that RFC. The only possible
> interpretation of your suggestion would be to use a call to
> gnutls_protocol_set_priority in order to disable TLS 1.1, thus enforcing
> a TLS 1.0 record header and client hello.

Hello,
 What I meant is to have this %RFC4346 option in the priority string in
order to specify that the way the client hello and first record version
will be according to appendix E as you quoted before (lowest supported
record version -SSL 3.0 and highest supported client hello version
-TLS1.1). The priority string is gnutls specific and means the string
you specify in the set_priority functions.


regards,
Nikos