Martin von Gagern wrote:
> Hi Nikos, thanks for your reply!
>
> Nikos Mavrogiannopoulos wrote:
>>> My first question is this: is there a good reason that GnuTLS doesn't
>>> indicate an older record version in accordance with appendix E by default?
>> This is tricky. There are other servers that do not operate well if the
>> client hello version does not match record version. This is the reason
>> why gnutls has this behavior. Of course this was noticed many years ago.
>> I don't know how many servers now have this problem.
>
> I see, and in that light it might make sense to not have the Appendix E
> behaviour by default. In my opinion, it would be desirable if you could
> at least configure GnuTLS to use that approach, though.

The commit below[0] adds a priority string called SSL3_RECORD_VERSION
that forces a compatibility mode where an SSL 3.0 record version is set
on the client hello. I have backported it to 2.6 branch as well.

[0]. http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=27a05b85c390f3192fcf0c55c1b5c0196e33c727

regards,
Nikos
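
To check from a packet capture which of the two behaviours discussed in this thread a client is using, the following added example (not part of the message above and not GnuTLS code) reads the record-layer version and the ClientHello `client_version` from the first bytes of a connection. The function names are hypothetical and the byte samples are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Versions seen in the first record of a connection (hypothetical type). */
struct hello_versions {
    uint16_t record_version; /* from the 5-byte record header */
    uint16_t client_version; /* from the ClientHello body */
};

/* Returns 0 on success, -1 if buf does not start with a ClientHello record. */
int parse_client_hello_versions(const uint8_t *buf, size_t len,
                                struct hello_versions *out)
{
    /* 5-byte record header + 4-byte handshake header + 2-byte version */
    if (buf == NULL || out == NULL || len < 11)
        return -1;
    if (buf[0] != 22 || buf[5] != 1) /* handshake record, client_hello */
        return -1;
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    size_t hs_len = ((size_t)buf[6] << 16) | ((size_t)buf[7] << 8) | buf[8];
    if (rec_len < 6 || hs_len < 2)
        return -1;
    out->record_version = (uint16_t)((buf[1] << 8) | buf[2]);
    out->client_version = (uint16_t)((buf[9] << 8) | buf[10]);
    return 0;
}

/* 0: record version equals the hello version; 1: record layer announces an
   older version than the hello (compatibility mode); -1: record is newer. */
int record_version_mode(const struct hello_versions *v)
{
    if (v->record_version == v->client_version)
        return 0;
    return v->record_version < v->client_version ? 1 : -1;
}

/* Constructed samples: first 11 bytes only, length fields are made up. */
static const uint8_t sample_matching[] = {22, 3, 2, 0, 0x2d, 1, 0, 0, 0x29, 3, 2};
static const uint8_t sample_compat[]   = {22, 3, 0, 0, 0x2d, 1, 0, 0, 0x29, 3, 2};

int main(void)
{
    struct hello_versions v;
    if (parse_client_hello_versions(sample_compat, sizeof sample_compat, &v) == 0)
        printf("record=0x%04x hello=0x%04x mode=%d\n", (unsigned)v.record_version,
               (unsigned)v.client_version, record_version_mode(&v));
    return 0;
}
```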
