[gnutls-devel] _gnutls_extension_list_check() isn't RFC 5746 compliant
grubba at roxen.com
Mon Dec 30 19:22:29 CET 2013
On Mon, 30 Dec 2013, Henrik Grubbström wrote:
> The gnutls-cli-debug 3.2.8 test "Checking for SSL 3.0 support" fails against
> servers that implement RFC 5746.
Oops, sorry, please disregard.
The problem was that my server sent the EC_POINT_FORMATS extension always
when negotiating an ECC cipher suite, even when the client hadn't provided
the extension, and thus breaking RFC 4492 5.2:
The Supported Point Formats Extension is included in a ServerHello
message in response to a ClientHello message containing the Supported
Point Formats Extension when negotiating an ECC cipher suite.
Once again Happy New Year!
Henrik Grubbström grubba at grubba.org
Roxen Internet Software AB grubba at roxen.com
More information about the Gnutls-devel