[gnutls-devel] -VERS-DTLS-ALL and -VERS-TLS-ALL also disable TLS/DTLS respectively
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue Dec 16 13:05:59 CET 2014
On Mon, 2014-12-15 at 19:14 +0100, Andreas Metzler wrote:
> Hello,
>
> this is http://bugs.debian.org/773145 submitted by Josh Triplett:
> -------------------------------------
> $ gnutls-cli --priority=PFS -l | grep '^Protocols:'
> Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-DTLS1.2, VERS-DTLS1.0
> $ gnutls-cli --priority=PFS:-VERS-DTLS-ALL -l | grep '^Protocols:'
> Protocols: none
> $ gnutls-cli --priority=PFS:-VERS-TLS-ALL -l | grep '^Protocols:'
> Protocols: none
Thanks for forwarding. Indeed, it looks like an issue and I'll check it,
but note that it is not serious or so. Even though DTLS is enabled by
default, it can only be used by applications which call gnutls_init()
with the GNUTLS_DATAGRAM option. Thus disabling TLS for them, or
disabling DTLS for the others wouldn't have any effect, as the
applications these protocols apply to are clearly distinct (negotiation of
DTLS and TLS cannot be mixed).
regards,
Nikos
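
Added example, not part of the original message or of GnuTLS: a shell check over the `Protocols:` line printed by `gnutls-cli --priority=... -l`, which fails when the transport family an application uses (stream for TLS, datagram for DTLS via `GNUTLS_DATAGRAM`) has no version left enabled. The function names are hypothetical; the first two samples are the outputs quoted in the report above and the third is constructed.

```shell
#!/bin/sh
# Samples: the first two lines are quoted in the bug report, the third is constructed.
SAMPLE_PFS='Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-DTLS1.2, VERS-DTLS1.0'
SAMPLE_NONE='Protocols: none'   # reported for PFS:-VERS-DTLS-ALL and PFS:-VERS-TLS-ALL
SAMPLE_TLS_ONLY='Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0'   # constructed, for comparison

# family_enabled tls|dtls  (listing on stdin)
# Exit 0 if the Protocols: line names at least one version of that family.
family_enabled() {
    awk -v fam="$1" '
        /^Protocols:/ {
            sub(/^Protocols:[ ]*/, "")
            n = split($0, v, /,[ ]*/)
            for (i = 1; i <= n; i++) {
                if (fam == "dtls" && v[i] ~ /^VERS-DTLS/) found++
                if (fam == "tls" && v[i] ~ /^VERS-(TLS|SSL)/) found++
            }
        }
        END { exit (found > 0 ? 0 : 1) }
    '
}

# audit_listing stream|datagram  (listing on stdin)
# stream   = application uses TLS
# datagram = application calls gnutls_init() with GNUTLS_DATAGRAM (DTLS)
audit_listing() {
    case "$1" in
        stream)   fam=tls ;;
        datagram) fam=dtls ;;
        *) echo "usage: audit_listing stream|datagram" >&2; return 2 ;;
    esac
    if family_enabled "$fam"; then
        echo "ok: $fam versions remain enabled"
    else
        echo "FAIL: no $fam version enabled for a $1 application"
        return 1
    fi
}

# Demo on the embedded samples; gnutls-cli is not needed for this part.
printf '%s\n' "$SAMPLE_PFS"  | audit_listing stream || true
printf '%s\n' "$SAMPLE_NONE" | audit_listing stream || true
```

With GnuTLS installed, the real listing can be piped in, for example `gnutls-cli --priority=PFS:-VERS-DTLS-ALL -l | audit_listing stream`.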