[gnutls-devel] GnuTLS | The flag %NO_EXTENSIONS is disabling extension support while being functional (!870)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jan 10 07:59:57 CET 2019

New Merge Request !870


Branches: tmp-fix-no-extensions to master
Author:    Nikos Mavrogiannopoulos
Approvers: Simon Josefsson, Dmitry Eremin-Solenikov, Hubert Kario, Tim Rühsen, Andreas Metzler, Daiki Ueno, Tom, Ander Juaristi, Tomáš Mráz, Anderson Sasaki and GnuTLS devel mailing list

That is, the %NO_EXTENSIONS option is the only documented way to disable
extensions completely from a session. Clarify that message, mention that
its behavior is undefined when combine with TLS1.3, and make sure that it
is functional. The latter makes sure that safe renegotiation and extended
master secret extensions remain disabled when this flag is given.
That simplifies testing certain scenarios under TLS1.0 or TLS1.1 when
no extensions must be used.

## Checklist
 * [x] Code modified for feature
 * [x] Test suite updated with functionality tests

## Reviewer's checklist:
 * [ ] Any issues marked for closing are addressed
 * [ ] There is a test suite reasonably covering new functionality or modifications
 * [ ] Function naming, parameters, return values, types, etc., are consistent and according to `CONTRIBUTION.md`
 * [ ] This feature/change has adequate documentation added
 * [ ] No obvious mistakes in the code

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/merge_requests/870
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190110/8eaa573e/attachment.html>

More information about the Gnutls-devel mailing list