[gnutls-devel] GnuTLS | Disable TLS 1.3 dynamically during handshake if bad KX is enabed in priority (#825)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Sep 6 21:06:12 CEST 2019




Dmitry Eremin-Solenikov commented:


No, it won't. TLS 1.3 will use completely different ciphersuites/algorithms. And on top of that GOST-TLS1.3 probably won't get deployed in several years.

For me the whole story is about server which supports both TLS 1.2 and TLS 1.3 and has both ECDSA and GOST certificates. Now assume misconfigured client which sends TLS 1.3 + TLS 1.2 + GOST ciphersuite. Should they be able to interoperate?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/825#note_213672391
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190906/75aa7d93/attachment-0001.html>


More information about the Gnutls-devel mailing list