Martin von Gagern wrote:
>>> It seems that _gnutls_record_set_default_version would provide a way to
>>> get the intended behaviour of an older record version but a recent
>>> client hello version. That function doesn't seem to be intended as part
>>> of the public interface of GnuTLS, though [3]. Why is that?
>> It was meant as a hack to test for buggy servers that I mentioned above.
>> I don't think it should be normally used. A better solution would be to
>> have a priority string %RFC4346 that would enforce that behavior. What
>> do you think on that?
>
> The reference to RFC 4346 in your sentence confuses me, especially as I
> see no reference to a "priority string" in that RFC. The only possible
> interpretation of your suggestion would be to use a call to
> gnutls_protocol_set_priority in order to disable TLS 1.1, thus enforcing
> a TLS 1.0 record header and client hello.
Hello,

What I meant is to have this %RFC4346 option in the priority string in order to specify that the client hello and first record versions will be set according to appendix E as you quoted before (lowest supported record version, SSL 3.0, and highest supported client hello version, TLS 1.1). The priority string is gnutls specific and means the string you specify in the set_priority functions.

regards,
Nikos
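To make the appendix E behaviour under discussion concrete, here is an added example (not GnuTLS code, and not from either poster) that builds a minimal ClientHello whose record-layer version and handshake-layer client_version are set independently, and parses both fields back out. The cipher suite list and random are constructed placeholders, and the function names are assumptions for this illustration.

```python
import struct

# (major, minor) version pairs as they appear on the wire
SSL3_0 = (3, 0)
TLS1_0 = (3, 1)
TLS1_1 = (3, 2)

def build_client_hello(record_version, hello_version, random_bytes=b"\x00" * 32):
    """Build a minimal TLS ClientHello record.

    The record-layer version and the handshake-layer client_version are set
    separately, which is what RFC 4346 appendix E describes: an old record
    version (e.g. SSL 3.0) carrying a newer client_version (e.g. TLS 1.1).
    Cipher suite and compression lists are constructed samples only.
    """
    cipher_suites = b"\x00\x2f"  # one suite, TLS_RSA_WITH_AES_128_CBC_SHA
    body = (
        bytes(hello_version)                   # client_version
        + random_bytes                         # 32-byte random (placeholder)
        + b"\x00"                              # empty session_id
        + struct.pack("!H", len(cipher_suites)) + cipher_suites
        + b"\x01\x00"                          # one compression method: null
    )
    # Handshake header: type 1 = client_hello, 3-byte length
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record header: type 22 = handshake, 2-byte version, 2-byte length
    return b"\x16" + bytes(record_version) + struct.pack("!H", len(handshake)) + handshake

def parse_versions(record):
    """Return (record_version, hello_version) from a ClientHello record.

    Raises ValueError on anything that is not a well-formed handshake record
    carrying a client_hello, so truncated or mislabelled input is rejected.
    """
    if len(record) < 11 or record[0] != 0x16:
        raise ValueError("not a handshake record")
    record_version = (record[1], record[2])
    (rec_len,) = struct.unpack("!H", record[3:5])
    if len(record) != 5 + rec_len:
        raise ValueError("record length mismatch")
    if record[5] != 0x01:
        raise ValueError("not a client_hello")
    hello_version = (record[9], record[10])  # follows the 4-byte handshake header
    return record_version, hello_version

if __name__ == "__main__":
    rec = build_client_hello(SSL3_0, TLS1_1)
    print(parse_versions(rec))  # ((3, 0), (3, 2))
```

A server that rejects the record because the two versions differ is exactly the buggy-server case the thread refers to; a correct server negotiates from client_version and ignores the record version of the first flight.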
