Problem with TLS 1.1 client connecting to TLS 1.0 server
Roland Dreier
roland at digitalvampire.org
Thu Aug 27 07:47:34 CEST 2009
> So it seems that _gnutls_gen_rsa_client_kx() should be using the
> active version here, but I'm not sure what the correct real fix within
> the gnutls design is. Can someone provide guidance on how to fix this?
Never mind ... after reading the TLS spec more closely, I see that the
client is correct in using the highest version it offered in the
premaster secret. This is a bug (and apparently a common bug -- it
appears in the ietf TLS interoperability draft) in the server, and I
will report it to the server people.
Sorry for the noise.
- Roland
--
Roland Dreier <roland at digitalvampire.org> GPG Key: 1024D/E0EEFAC0
Fingerprint: A89F B5E9 C185 F34D BD50 4009 37E2 25CC E0EE FAC0
Sending >500KB attachments is forbidden by the Geneva Convention.
Your country may be at risk if you fail to comply.
More information about the Gnutls-devel
mailing list