[gnutls-devel] GnuTLS | Prevent applications from combining legacy versions of TLS with TLS1.3 (!815)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Nov 27 11:45:13 CET 2018


> In that particular case the application was specifically requesting TLS1.1 and TLS1.0, thus disabling them and only allowing TLS1.3 would have been the wrong thing to do, in terms of what the application intended, and in practice as its server did not support TLS1.3.

OK, I think I understand the problematic scenario better. It is about TLS1.3 being unexpectedly enabled by default after upgrading gnutls. So the expected behaviour, from this application's point of view, is to disable any version >TLS1.2 when using "NORMAL:-VERS-TLS1.2", for example.

Anyway, thinking about it more, I agree that it is not that bad to require TLS1.2 to be enabled together with TLS1.3, because this is enforced only when TLS1.0/1.1 are enabled.

So, Approved.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/815#note_120358350