[gnutls-devel] -VERS-DTLS-ALL and -VERS-TLS-ALL also disable TLS/DTLS respectively

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Dec 16 13:05:59 CET 2014


On Mon, 2014-12-15 at 19:14 +0100, Andreas Metzler wrote:
> Hello,
> 
> this is http://bugs.debian.org/773145 submitted by Josh Triplett:
> -------------------------------------
> $ gnutls-cli --priority=PFS -l | grep '^Protocols:'
> Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-DTLS1.2, VERS-DTLS1.0
> $ gnutls-cli --priority=PFS:-VERS-DTLS-ALL -l | grep '^Protocols:'
> Protocols: none
> $ gnutls-cli --priority=PFS:-VERS-TLS-ALL -l | grep '^Protocols:'
> Protocols: none

Thanks for forwarding. Indeed, it looks like an issue and I'll check it,
but note that it is not serious or so. Even though DTLS is enabled by
default, it can only be used by applications which call gnutls_init()
with the GNUTLS_DATAGRAM option. Thus disabling TLS for them, or
disabling DTLS for the others wouldn't have any effect, as the
applications these protocols apply to are clearly distinct (negotiation of
DTLS and TLS cannot be mixed).

regards,
Nikos
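
A regression check for the behaviour reported above, as an added example that is not part of the original thread or of GnuTLS: it parses the `Protocols:` line of `gnutls-cli -l` output and reports which protocol family is still enabled. The function names are hypothetical, the sample lines are copied from the report, and the expectation that removing one family should leave the other enabled is an assumption drawn from the bug title.

```shell
#!/bin/sh
# Added example (not GnuTLS code). Function names are hypothetical.

# Sample listings copied from the bug report quoted above.
SAMPLE_PFS='Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-DTLS1.2, VERS-DTLS1.0'
SAMPLE_REPORTED='Protocols: none'   # what PFS:-VERS-DTLS-ALL printed in the report

# Read a `gnutls-cli --priority=... -l` listing on stdin and print which
# protocol families are enabled: tls+dtls, tls, dtls, none, or unknown
# (unknown = the listing has no "Protocols:" line at all).
enabled_families() {
    awk '
        /^Protocols:/ {
            seen = 1
            sub(/^Protocols:[ \t]*/, "")
            n = split($0, v, /,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (v[i] ~ /^VERS-DTLS/) dtls = 1
                else if (v[i] ~ /^VERS-(TLS|SSL)/) tls = 1
            }
        }
        END {
            if (!seen) print "unknown"
            else if (tls && dtls) print "tls+dtls"
            else if (tls) print "tls"
            else if (dtls) print "dtls"
            else print "none"
        }'
}

# check_listing EXPECTED: succeed only if the listing on stdin enables
# exactly the EXPECTED families; otherwise explain the mismatch on stderr.
check_listing() {
    got=$(enabled_families)
    [ "$got" = "$1" ] && return 0
    echo "expected '$1', listing shows '$got'" >&2
    return 1
}

# Demo on the report's own output (prints "tls+dtls", then "none").
printf '%s\n' "$SAMPLE_PFS" | enabled_families
printf '%s\n' "$SAMPLE_REPORTED" | enabled_families

# Against an installed gnutls-cli (assumed expectation: TLS survives):
#   gnutls-cli --priority=PFS:-VERS-DTLS-ALL -l | check_listing tls
```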