[gnutls-devel] GnuTLS | DTLS priority enables TLS1.2 (#1054)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Tue Jul 28 12:11:06 CEST 2020

Miroslav Lichvar created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1054

## Description of problem:
On a TLS server, I'd like to disable all TLS versions before TLSv1.3. When I set the priority to
it seems clients can still connect using TLS1.2. But when I add there `-VERS-DTLS-ALL`, it works as expected. If DTLS1.0 or DTLS1.2 is enabled, the server allows the client to use TLS1.2. I think that's unexpected, or at least I couldn't find an explanation in the documentation.

## Version of gnutls used:

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

## How reproducible:

Steps to Reproduce:

 * gnutls-serv --x509keyfile=server.key --x509certfile=server.crt --priority="NORMAL:-VERS-TLS1.2:-VERS-TLS1.0:-VERS-TLS1.1"
 * gnutls-cli server.example.net -p 5556 --priority="NORMAL:-VERS-ALL:+VERS-TLS1.2"

## Actual results:
Handshake completed

## Expected results:
Handshake failed

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1054
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200728/7506ba5b/attachment.html>

More information about the Gnutls-devel mailing list