[gnutls-devel] GnuTLS | gnutls_priority_set in post client hello function breaks handshake for clients with TLS versions < 1.3 (#580)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Oct 2 10:42:55 CEST 2018

Note that the more I think about it, the more I think that what I mentioned as a work-around, may be a better solution for `mod_gnutls`. The reason is that the post-client-hello is quite late (few parameters are already selected) to allow a significant change in the priorities, and if you set the priority string there you always risk for particular priority strings breaking sessions. We can with the new test guarantee that specific use-cases work, though it will never be a fail-proof way.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/580#note_105745891
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20181002/210cf1a2/attachment.html>

More information about the Gnutls-devel mailing list