[gnutls-devel] _gnutls_extension_list_check() isn't RFC 5746 compliant

Henrik Grubbström grubba at roxen.com
Mon Dec 30 19:22:29 CET 2013

On Mon, 30 Dec 2013, Henrik Grubbström wrote:

> Hi.
> The gnutls-cli-debug 3.2.8 test "Checking for SSL 3.0 support" fails against 
> servers that implement RFC 5746.

Oops, sorry, please disregard.

The problem was that my server sent the EC_POINT_FORMATS extension always 
when negotiating an ECC cipher suite, even when the client hadn't provided
the extension, and thus breaking RFC 4492 5.2:

   The Supported Point Formats Extension is included in a ServerHello
   message in response to a ClientHello message containing the Supported
   Point Formats Extension when negotiating an ECC cipher suite.

Once again Happy New Year!

Henrik Grubbström					grubba at grubba.org
Roxen Internet Software AB				grubba at roxen.com

More information about the Gnutls-devel mailing list