[gnutls-devel] GnuTLS | Prevent applications from combining legacy versions of TLS with TLS1.3 (!815)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Nov 20 11:33:47 CET 2018


New Merge Request !815

https://gitlab.com/gnutls/gnutls/merge_requests/815

Branches: tmp-tls10-tls13-fix to master
Author:    Nikos Mavrogiannopoulos
Assignee:  
Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list


It can happen that an application due to a misconfiguration, enables TLS1.3
in combination with TLS1.0 or TLS1.1 only. In that case a server which is
unaware of the TLS1.3 protocol will reply by selecting the TLS1.2 protocol
instead and that answer will be rejected by the client. With this change
we ensure that TLS1.3 is not enabled in these problematic scenarios.


## Checklist
 * [x] Code modified for feature
 * [x] Test suite updated with functionality tests
 * [ ] Documentation updated / NEWS entry present (for non-trivial changes)

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/815
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181120/8b6fbfeb/attachment.html>


More information about the Gnutls-devel mailing list