[gnutls-devel] -VERS-DTLS-ALL and -VERS-TLS-ALL also disable TLS/DTLS respectively

Andreas Metzler ametzler at bebt.de
Mon Dec 15 19:14:03 CET 2014


Hello,

this is http://bugs.debian.org/773145 submitted by Josh Triplett:

-------------------------------------
$ gnutls-cli --priority=PFS -l | grep '^Protocols:'
Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-DTLS1.2, VERS-DTLS1.0
$ gnutls-cli --priority=PFS:-VERS-DTLS-ALL -l | grep '^Protocols:'
Protocols: none
$ gnutls-cli --priority=PFS:-VERS-TLS-ALL -l | grep '^Protocols:'
Protocols: none

I'd expect the following instead:

$ gnutls-cli --priority=PFS:-VERS-DTLS-ALL -l | grep '^Protocols:'
Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0
$ gnutls-cli --priority=PFS:-VERS-TLS-ALL -l | grep '^Protocols:'
Protocols: VERS-DTLS1.2, VERS-DTLS1.0

- Josh Triplett
-------------------------------------

Not much to add, except that it also applies to 3.3.11 and is not
limited to negation, as can be seen by looking at
NORMAL:-VERS-DTLS-ALL:+VERS-TLS-ALL.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
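
A regression check for the behaviour reported above, as an added example that is not part of the original message or of GnuTLS: it compares the `Protocols:` line of a restricted priority string against the baseline with one family removed. The function names are hypothetical; the sample lines are the ones quoted in the report, and the live mode assumes `gnutls-cli` is installed.

```shell
#!/bin/sh
# Added example, not GnuTLS code. Function names are hypothetical.

# Print the names on the "Protocols:" line of `gnutls-cli -l` output (stdin),
# one per line, sorted. "none" yields an empty list.
protocols_of() {
    sed -n 's/^Protocols: *//p' | tr ',' '\n' | sed 's/^ *//; s/ *$//' |
        grep -v -e '^none$' -e '^$' | sort
}

# Succeed only if removing one family ($1 = TLS or DTLS) from the baseline
# output ($2) gives exactly the protocol set seen in the restricted output ($3).
check_family_removal() {
    want=$(printf '%s\n' "$2" | protocols_of | grep -v "^VERS-$1[0-9]" | sort)
    got=$(printf '%s\n' "$3" | protocols_of)
    if [ "$want" = "$got" ]; then
        echo "ok: -VERS-$1-ALL leaves [$(echo $got)]"
        return 0
    fi
    echo "MISMATCH: -VERS-$1-ALL expected [$(echo $want)] got [$(echo $got)]"
    return 1
}

# Run the check against the installed gnutls-cli (same commands as the report).
run_live_check() {
    command -v gnutls-cli >/dev/null 2>&1 || { echo "gnutls-cli not found"; return 2; }
    base=$(gnutls-cli --priority=PFS -l) || return 2
    rc=0
    for fam in TLS DTLS; do
        out=$(gnutls-cli --priority="PFS:-VERS-$fam-ALL" -l) || true
        check_family_removal "$fam" "$base" "$out" || rc=1
    done
    return $rc
}

# Sample lines taken from the report above.
BASE='Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-DTLS1.2, VERS-DTLS1.0'
REPORTED='Protocols: none'
EXPECTED='Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0'

if [ "${1:-}" = "--live" ]; then
    run_live_check
else
    check_family_removal DTLS "$BASE" "$REPORTED" || true   # behaviour as reported
    check_family_removal DTLS "$BASE" "$EXPECTED"           # behaviour the reporter expects
fi
```

Run with `--live` to test the installed version; a non-zero exit means a family removal changed more than its own versions.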


