GnuTLS, OpenSSL support for TLS1.1, 1.2
vivek at collabora.co.uk
Fri Jan 29 14:14:31 CET 2010
> I don't see anything beyond TLSv1.0 in /usr/include/openssl/tls1.h on my
> system. If you have any more reliable information, please let us know.
I ran up against a buggy proprietary server which a user reported didn't
work with our GnuTLS backend but did with OpenSSL - turned out to be
because the server exploded in a messy fireball if it saw a minor version
of the protocol in the client hello that it didn't know about, instead of
responding with the highest protocol level it supported (analysed with
ssltap from libnss3 - is there an equivalent from GnuTLS, btw?): The
OpenSSL version worked because it only ever advertised TLS1.0, and I
couldn't find any reference to making it advertise a higher version of the
protocol. Not conclusive, but it does point to OpenSSL not implementing
TLS 1.1 or 1.2 (at least in any documented, on-by-default way).
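
Added example, not part of the original message and not GnuTLS or OpenSSL code: it reads the client_version field from the start of a ClientHello and contrasts the expected downgrade-to-highest-supported reply with the intolerant behaviour described above. The function names, the sample bytes and the model of the broken server are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: first 11 bytes of a ClientHello offering TLS 1.2 (3,3)
 * inside a record labelled TLS 1.0 (3,1). Not a capture from any real server. */
static const uint8_t SAMPLE_HELLO[] = {
    0x16, 0x03, 0x01, 0x00, 0x2f,   /* record: handshake, version 3.1, length 47 */
    0x01, 0x00, 0x00, 0x2b,         /* handshake: client_hello, length 43 */
    0x03, 0x03                      /* client_version: 3.3 */
};

/* Return client_version as (major << 8 | minor), or 0 if the bytes are not
 * the start of a handshake record carrying a ClientHello. */
static uint16_t client_hello_version(const uint8_t *rec, size_t len)
{
    if (len < 11) return 0;                       /* need up to client_version */
    if (rec[0] != 0x16 || rec[5] != 0x01) return 0;
    if ((((size_t)rec[3] << 8) | rec[4]) < 6) return 0; /* too short for version */
    return (uint16_t)((rec[9] << 8) | rec[10]);
}

/* Expected behaviour: answer with the lower of the client's offer and the
 * server's maximum. 0 means the handshake is refused. */
static uint16_t negotiate(uint16_t offered, uint16_t server_max)
{
    if (offered < 0x0300) return 0;
    return offered < server_max ? offered : server_max;
}

/* Hypothetical model of the broken server: any offer above its own maximum
 * aborts the handshake instead of being negotiated down. */
static uint16_t negotiate_intolerant(uint16_t offered, uint16_t server_max)
{
    return offered > server_max ? 0 : negotiate(offered, server_max);
}

int main(void)
{
    uint16_t v = client_hello_version(SAMPLE_HELLO, sizeof SAMPLE_HELLO);
    printf("offered   0x%04x\n", (unsigned)v);
    printf("compliant 0x%04x\n", (unsigned)negotiate(v, 0x0301));
    printf("broken    0x%04x\n", (unsigned)negotiate_intolerant(v, 0x0301));
    return 0;
}
```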