client certificate authentication

Simon Josefsson simon at
Sun Feb 1 11:07:31 CET 2009

Nikos Mavrogiannopoulos <nmav at> writes:

> The attached patch tries stay on the safe side and don't try to upgrade
> the TLS version on a rehandshake. I'm not sure whether this is the right
> thing to do, although performing a rehandshake to upgrade the TLS
> version seems quite unlikely.

I suspect it will become more likely given TLS 1.1 and TLS 1.2: you may
want to try TLS 1.0 on initial handshake, and then want to attempt more
recent TLS versions to get more advanced features from the other end --
however I think we use the patch for now and revisit this if someone
runs into this limit in the future.

This seems like a protocol issue, so we could ask on the IETF list


More information about the Gnutls-devel mailing list