How to reject SSL 3.0 on gnutls 2.12.6
volan shu
volanshu at gmail.com
Sun Jul 10 12:11:59 CEST 2011
Hi there,
I met some issues when using gnutls APIs to setup my server to reject SSL
3.0 requests using "-VERS-SSL3.0". ( My whole priority string is
"PERFORMANCE:!ARCFOUR-128:!
ARCFOUR-40:-VERS-SSL3.0:%DISABLE_SAFE_RENEGOTIATION".) As in the wireshark
capture, I found the handshake was kept on going without a handshake failure
alert to be sent to client on gnutls 2.12.6.
So I have to planning to use gnutls_certificate_set_retrieve_function in my
server to set a callback function who can be used to check the SSL version
carried by Client Hello in order for server to reject the SSL3.0 request
other than to accept it. But in my call back function, I can't retrieve the
X.509 certificate and private key using gnutls_session_t as the index after
I searched the gnutls APIs description at
http://www.gnu.org/software/gnutls/manual/gnutls.html and the all the
examples included.
Would you know how can I specify the priority string or how can I achieve
this using this callback function or any other alternative can be used
instead?
Many thanks,
Volan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110710/335a67b3/attachment.htm>
More information about the Gnutls-help
mailing list