[gnutls-devel] _gnutls_extension_list_check() isn't RFC 5746 compliant
Henrik Grubbström
grubba at roxen.com
Mon Dec 30 19:22:29 CET 2013
On Mon, 30 Dec 2013, Henrik Grubbström wrote:
> Hi.
>
> The gnutls-cli-debug 3.2.8 test "Checking for SSL 3.0 support" fails against
> servers that implement RFC 5746.
Oops, sorry, please disregard.
The problem was that my server sent the EC_POINT_FORMATS extension always
when negotiating an ECC cipher suite, even when the client hadn't provided
the extension, and thus breaking RFC 4492 5.2:
The Supported Point Formats Extension is included in a ServerHello
message in response to a ClientHello message containing the Supported
Point Formats Extension when negotiating an ECC cipher suite.
Once again Happy New Year!
--
Henrik Grubbström grubba at grubba.org
Roxen Internet Software AB grubba at roxen.com
More information about the Gnutls-devel
mailing list