[Help-gnutls] Default record version

Martin von Gagern Martin.vGagern at gmx.net
Sat Feb 21 14:57:42 CET 2009


Martin von Gagern wrote:
> Nikos Mavrogiannopoulos wrote:
>> The commit below adds a priority string called SSL3_RECORD_VERSION
>> that forces a compatibility mode where an SSL 3.0 record version is set
>> on the client hello. I have backported it to 2.6 branch as well.
> 
> Thanks a lot! I'll test that, and get back to you if anything doesn't
> work as expected. Otherwise that seems like a suitable solution.

The implementation itself seems to work well enough, thanks for that!

You might want to check the generated documentation, though. Looking at
the man page of gnutls_priority_init(3), it looks like gdoc was eating
the percent signs, while nroff eats lines starting with an apostrophe.

It would also be nice to have a test in gnutls-cli-debug, to see whether
a connection can be established with SSL3 record version but TLS1.1
client hello version, and if so, what version was actually negotiated.

Greetings,
 Martin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090221/aac93238/attachment.pgp>


More information about the Gnutls-devel mailing list