[gnutls-devel] -VERS-DTLS-ALL and -VERS-TLS-ALL also disable TLS/DTLS respectively
Andreas Metzler
ametzler at bebt.de
Mon Dec 15 19:14:03 CET 2014
Hello,
this is http://bugs.debian.org/773145 submitted by Josh Triplett:
-------------------------------------
$ gnutls-cli --priority=PFS -l | grep '^Protocols:'
Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-DTLS1.2, VERS-DTLS1.0
$ gnutls-cli --priority=PFS:-VERS-DTLS-ALL -l | grep '^Protocols:'
Protocols: none
$ gnutls-cli --priority=PFS:-VERS-TLS-ALL -l | grep '^Protocols:'
Protocols: none
I'd expect the following instead:
$ gnutls-cli --priority=PFS:-VERS-DTLS-ALL -l | grep '^Protocols:'
Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0
$ gnutls-cli --priority=PFS:-VERS-TLS-ALL -l | grep '^Protocols:'
Protocols: VERS-DTLS1.2, VERS-DTLS1.0
- Josh Triplett
-------------------------------------
Not much to add, except that it also applies to 3.3.11 and is not
limited to negation, s can be seen by looking at
NORMAL:-VERS-DTLS-ALL:+VERS-TLS-ALL.
cu Andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Gnutls-devel
mailing list