[gnutls-devel] GnuTLS | Disable TLS 1.3 dynamically during handshake if bad KX is enabled in priority (#825)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri Sep 6 06:43:28 CEST 2019




Nikos Mavrogiannopoulos commented:


If we co-ordinate the inclusion of both gost in tls1.3 and tls1.2, will this be addressed? The current approach, that given that GOST-CNT are TLS1.2-only we disable TLS1.3 completely when it is enabled, is quite simple, easy to enforce and also easy for users to understand. I guess the problem you see arises when the gost algorithms are included in the default set (and `KX-ALL` includes it), right? My expectation from the string `-VER-TLS-ALL:+VER-TLS1.3:+KX-ALL` is that only TLS1.3 ciphersuites are negotiated and not gost. Isn't this correct, or isn't this the behavior you notice?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/825#note_213335812