Brian Lavender <[EMAIL PROTECTED]> writes: > Thanks for the feedback on the previous questions. > > I am looking at the docs for selecting different protocols and different > ciphersuites. I would like my server connection to attempt ssl3.0 first. > I see the command gnutls_priority_init, but I am a little unsure how to > tell it to attempt ssl3.0 first. What sort of string should I use for > the command? > > char *error_loc; > > gnutls_priority_init(&priority_cache, "NORMAL:SSL3.0",**error_loc)
I don't think it is possible to attempt SSL 3.0 before TLS 1.0: the highest mutually supported version number will be used. If both systems support SSL 3.0, TLS 1.0 and TLS 1.1, the only way to negotiate SSL 3.0 is to disable TLS 1.0 and TLS 1.1. To disable TLS 1.0 and TLS 1.1 (which are both enabled by default) you'll want to use a priority string like: NORMAL:-VERS-TLS1.0:-VERS-TLS1.1 /Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
