[gnutls-devel] GnuTLS | RFC7250 Raw public keys (!650)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Tue Nov 27 13:11:51 CET 2018
Nikos Mavrogiannopoulos started a new discussion on lib/includes/gnutls/gnutls.h.in:
> * @GNUTLS_POST_HANDSHAKE_AUTH: Enable post handshake authentication for server and client. When set and
> * a server requests authentication after handshake %GNUTLS_E_REAUTH_REQUEST will be returned
> * by gnutls_record_recv(). A client should then call gnutls_reauth() to re-authenticate.
> + * @GNUTLS_NO_AUTO_REKEY: Disable auto-rekeying under TLS1.3. If this option is not specified
> + * gnutls will force a rekey after 2^24 records have been sent.
> * @GNUTLS_SAFE_PADDING_CHECK: Flag to indicate that the TLS 1.3 padding check will be done in a
> * safe way which doesn't leak the pad size based on GnuTLS processing time. This is of use to
> * applications which hide the length of transferred data via the TLS1.3 padding mechanism and
> * are already taking steps to hide the data processing time. This comes at a performance
> * penalty.
> - * @GNUTLS_ENABLE_CERT_TYPE_NEG: Enable certificate type negotiation extensions (RFC7250).
> + * @GNUTLS_ENABLE_EARLY_START: Under TLS1.3 allow the server to return earlier than the full handshake
> + * finish; similarly to false start the handshake will be completed once data are received by the
> + * client, while the server is able to transmit sooner. This is not enabled by default as it could
> + * break certain existing server assumptions and use-cases. Since 3.6.4.
> + * @GNUTLS_ENABLE_RAWPK: Enables raw public-key credentials to be used during the handshaked. Since 3.6.5.
Maybe: 'allows raw public keys to be negotiated during the handshake.' (note also the typo in 'handshaked')
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/650#note_120387144
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181127/e563a51e/attachment-0001.html>
More information about the Gnutls-devel
mailing list