[gnutls-devel] GnuTLS | gnutls doesn't fallback to TLS1.2 automatically (#1053)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Aug 25 11:48:15 CEST 2020
Daiki Ueno commented:
Apologies for the delay. It seems that the GnuTLS client is sending TLSPlaintext with the legacy_record_version set to TLS 1.0. This is okay for the first Client Hello, but after Hello Retry Request the field must be set to TLS 1.2, according to the RFC:
```
legacy_record_version: MUST be set to 0x0303 for all records
generated by a TLS 1.3 implementation other than an initial
ClientHello (i.e., one not generated after a HelloRetryRequest),
where it MAY also be 0x0301 for compatibility purposes.
```
If I manually modify the version in a GDB session (in `copy_record_version` in record.c), the command works as expected.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1053#note_401589913
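
The rule quoted from the RFC can be checked mechanically against a capture of the client's outgoing records. The following is an added example, not code from GnuTLS or from the original message: the function name, result codes and sample bytes are hypothetical and constructed, and it assumes the initial ClientHello fits in the first record.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for this added example (names are hypothetical). */
enum { REC_OK = 0, REC_TRUNCATED = -1, REC_BAD_VERSION = -2 };

/*
 * Walk a buffer of back-to-back TLS records as sent by a TLS 1.3 client.
 * Record 0 is assumed to be the initial ClientHello in a single record
 * and may carry 0x0301 or 0x0303; every later record must carry 0x0303.
 * On REC_BAD_VERSION, *bad_index is the index of the offending record.
 */
int check_client_record_versions(const uint8_t *buf, size_t len, size_t *bad_index)
{
    size_t off = 0, idx = 0;
    while (off < len) {
        if (len - off < 5)                      /* type(1) version(2) length(2) */
            return REC_TRUNCATED;
        uint16_t ver = (uint16_t)((buf[off + 1] << 8) | buf[off + 2]);
        size_t body = ((size_t)buf[off + 3] << 8) | buf[off + 4];
        if (len - off - 5 < body)
            return REC_TRUNCATED;
        int ok = (ver == 0x0303) || (idx == 0 && ver == 0x0301);
        if (!ok) { *bad_index = idx; return REC_BAD_VERSION; }
        off += 5 + body;
        idx++;
    }
    return REC_OK;
}

/* Constructed samples: real 5-byte headers, 1-byte dummy bodies. */
static const uint8_t sample_bad[] = {
    0x16, 0x03, 0x01, 0x00, 0x01, 0x01,  /* initial ClientHello, 0x0301: allowed */
    0x16, 0x03, 0x01, 0x00, 0x01, 0x01,  /* ClientHello after HRR, 0x0301: violation */
};
static const uint8_t sample_good[] = {
    0x16, 0x03, 0x01, 0x00, 0x01, 0x01,  /* initial ClientHello, 0x0301: allowed */
    0x16, 0x03, 0x03, 0x00, 0x01, 0x01,  /* ClientHello after HRR, 0x0303: conforming */
};

int main(void)
{
    size_t bad = 0;
    int rc = check_client_record_versions(sample_bad, sizeof sample_bad, &bad);
    printf("bad sample:  rc=%d record=%zu\n", rc, bad);
    rc = check_client_record_versions(sample_good, sizeof sample_good, &bad);
    printf("good sample: rc=%d\n", rc);
    return 0;
}
```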