[gnutls-devel] GnuTLS | Prevent applications from combining legacy versions of TLS with TLS1.3 (!815)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Mon Nov 26 17:23:42 CET 2018
I couldn't find issues in the code. But I don't know if I agree that this behaviour is the best. I mean, if you are trying to add TLS1.3, probably you want to use it. But with this fix, when someone tries to "upgrade" the configuration by adding TLS1.3, he/she can end up with only pre-TLS1.2 protocols enabled.
Wouldn't it be better to drop TLS1.1/1.0 and keep TLS1.3 instead of the other way around? Or maybe automatically add TLS1.2 when it is missing?
I understand that any choice can lead to some confusion when the actual result does not match the expected one, but I would prefer to have a more secure configuration as the final result when such a problematic configuration is provided.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/815#note_120145760