GnuTLS, OpenSSL support for TLS1.1, 1.2

Vivek Dasmohapatra vivek at collabora.co.uk
Fri Jan 29 14:14:31 CET 2010


> I don't see anything beyond TLSv1.0 in /usr/include/openssl/tls1.h on my
> system.  If you have any more reliable information, please let us know.

I ran up against a buggy proprietary server which a user reported didn't 
work with our GnuTLS backend but did with OpenSSL - turned out to be 
because the server exploded in a messy fireball if it saw a minor version
of the protocol in the client hello that it didn't know about, instead of
responding with the highest protocol level it supported (analysed with 
ssltap from libnss3 - is there an equivalent from GnuTLS, btw?): The
OpenSSL version worked because it only ever advertised TLS1.0, and I 
couldn't find any reference to making it advertise a higher version of the
protocol. Not conclusive, but it does point to OpenSSL not implementing
TLS 1.1 or 1.2 (at least in any documented, on-by-default way).
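
The version handling discussed in the message above, as an added example that is not part of the original post and is not GnuTLS or OpenSSL code: it reads client_version from a ClientHello and contrasts a tolerant server's reply (the highest version it supports, capped at what the client offered) with a model of the intolerant failure. The server maximum, the function names and the truncated sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: this hypothetical server implements up to TLS 1.0 ({3,1}). */
#define SERVER_MAX 0x0301
#define SSL3       0x0300

/* Constructed, truncated sample: the first 11 bytes of a ClientHello that
 * advertises TLS 1.2 ({3,3}). A real hello continues with random, etc. */
static const uint8_t sample_hello[] = {
    0x16, 0x03, 0x01, 0x00, 0x06, /* record: handshake, version 3.1, len 6 */
    0x01, 0x00, 0x00, 0x02,       /* handshake: ClientHello, body len 2    */
    0x03, 0x03                    /* client_version = 3.3                  */
};

/* Return client_version as (major << 8 | minor), or -1 if the buffer is
 * too short or does not start with a handshake record holding a ClientHello. */
int client_hello_version(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 11 || buf[0] != 0x16 || buf[5] != 0x01)
        return -1;
    return (buf[9] << 8) | buf[10];
}

/* Tolerant server: an unknown higher version is answered with the server's
 * own maximum; only offers below SSL 3.0 are refused (-1). */
int tolerant_select(int client)
{
    if (client < SSL3)
        return -1;
    return client < SERVER_MAX ? client : SERVER_MAX;
}

/* Model of the intolerant behaviour: any version above the server's
 * maximum is treated as a failure (-1) instead of being negotiated down. */
int intolerant_select(int client)
{
    return (client < SSL3 || client > SERVER_MAX) ? -1 : client;
}

int main(void)
{
    int v = client_hello_version(sample_hello, sizeof sample_hello);
    printf("client offers 0x%04x\n", v);
    printf("tolerant server picks 0x%04x\n", tolerant_select(v));
    printf("intolerant server result %d\n", intolerant_select(v));
    return 0;
}
```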





