On 07/10/2012 04:39 PM, Bruno Vernay wrote: > Hello, > > I have a hard time to understand the gnutls-cli-debug results. > Simply from "Checking for version rollback bug in RSA PMS... no". > Does it mean: No, the bug is not present
That one. > Then, what exactly is the "version rollback bug in RSA PMS" ? gnutls-cli-debug is a tool I used to debug servers while developing gnutls and some messages may have been only apparent to me. The comment in the test mentions: "here we enable both SSL 3.0 and TLS 1.0 and try to connect and use rsa authentication. If the server is old, buggy and only supports SSL 3.0 then the handshake will fail." > A link to some reference information would be nice. I guess it is some > kind of downgrade re-negotiation, but without further information, I > cannot conclude anything. There is no comprehensive list of TLS and SSL bugs that are I'm aware of. Documenting all of them is substantial work and it is not in my immediate plans. regards, Nikos _______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
