[Help-gnutls] Default record version

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Feb 21 12:25:21 CET 2009


Martin von Gagern wrote:
> Hi Nikos, thanks for your reply!
> 
> Nikos Mavrogiannopoulos wrote:
>>> My first question is this: is there a good reason that GnuTLS doesn't
>>> indicate an older record version in accordance with appendix E by default?
>> This is tricky. There are other servers that do not operate well if the
>> client hello version does not match record version. This is the reason
>> why gnutls has this behavior. Of course this was noticed many years ago.
>> I don't know how many servers now have this problem.
> 
> I see, and in that light it might make sense to not have the Appendix E
> behaviour by default. In my opinion, it would be desirable if you could
> at least configure GnuTLS to use that approach, though.

The commit below[0] adds a priority string called SSL3_RECORD_VERSION
that forces a compatibility mode where an SSL 3.0 record version is set
on the client hello. I have backported it to the 2.6 branch as well.

[0] http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=27a05b85c390f3192fcf0c55c1b5c0196e33c727


regards,
Nikos
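
The two version fields discussed in this thread, the record-layer version and the client hello version, sit at fixed offsets at the start of a ClientHello record. The following is an added example, not part of the original message and not GnuTLS code: it reads both fields from a captured record prefix and reports whether they match. The sample bytes are constructed, and TLS 1.1 (0x0302) as the offered client version is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum hello_check { HELLO_MALFORMED = -1, HELLO_MATCH = 0, HELLO_MISMATCH = 1 };

struct hello_versions {
    uint16_t record_version; /* record-layer version, bytes 1-2 */
    uint16_t client_version; /* ClientHello client_version, bytes 9-10 */
};

/* Constructed sample: record version equals client hello version (both 3.2). */
static const uint8_t SAMPLE_DEFAULT[] = {
    0x16, 0x03, 0x02, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b, 0x03, 0x02 };
/* Constructed sample: SSL 3.0 (3.0) record version, client hello still 3.2. */
static const uint8_t SAMPLE_COMPAT[] = {
    0x16, 0x03, 0x00, 0x00, 0x2f, 0x01, 0x00, 0x00, 0x2b, 0x03, 0x02 };

/* Parses record header (5 bytes), handshake header (4 bytes) and
 * client_version (2 bytes). Assumes the ClientHello starts the record. */
enum hello_check check_client_hello(const uint8_t *buf, size_t len,
                                    struct hello_versions *out)
{
    if (len < 11) return HELLO_MALFORMED;
    if (buf[0] != 0x16) return HELLO_MALFORMED; /* content type: handshake */
    if (buf[5] != 0x01) return HELLO_MALFORMED; /* handshake type: client_hello */
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    size_t hs_len = ((size_t)buf[6] << 16) | ((size_t)buf[7] << 8) | buf[8];
    if (rec_len < 6 || hs_len < 2) return HELLO_MALFORMED; /* no room for version */
    out->record_version = (uint16_t)((buf[1] << 8) | buf[2]);
    out->client_version = (uint16_t)((buf[9] << 8) | buf[10]);
    return out->record_version == out->client_version ? HELLO_MATCH
                                                      : HELLO_MISMATCH;
}

int main(void)
{
    struct hello_versions v;
    enum hello_check r = check_client_hello(SAMPLE_COMPAT, sizeof SAMPLE_COMPAT, &v);
    printf("record=0x%04x hello=0x%04x result=%d\n",
           (unsigned)v.record_version, (unsigned)v.client_version, (int)r);
    return 0;
}
```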




