[gnutls-devel] GnuTLS | gnutls_protocol_set_enabled struggles with enabling originally disabled protocols (#1307)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Fri Feb 11 10:46:46 CET 2022




Alexander Sosedkin commented:


I suppose this should be generalized to "new allowlisting API calls do not regenerate TLS priority string". Works both ways: something unblocked later won't be negotiated and something blocked later will still be considered for negotiation and fail hard.

One way out of it could be embracing it, actually. We can restrict the API usage, defer setting custom TLS priority strings and make the configuration strictly serial, layer-by-layer: config loading happens first, new API calls happen second (only allowed until the first gnutls_init), setting custom TLS priority strings comes third.

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1307#note_839618685
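
An added toy model, not GnuTLS code and not part of the original message, of the two behaviours discussed in the comment: a cached view that later allowlisting calls do not refresh, and the strictly serial layer order. All names (`struct cfg`, `set_enabled`, `set_priority`, `first_init`) are hypothetical stand-ins, and the snapshot-on-set behaviour is an assumption of the model.

```c
/* Toy model of the ordering problem; constructed for illustration, not GnuTLS code. */
#include <stdbool.h>
#include <stdio.h>

enum phase { PH_API, PH_PRIORITY };          /* layers that follow config loading */
enum proto { TLS12, TLS13, PROTO_MAX };      /* constructed protocol set */
struct cfg {
    enum phase phase;
    bool serial;               /* enforce the strict layer order? */
    bool allowed[PROTO_MAX];   /* allowlist: config file plus API calls */
    bool cached[PROTO_MAX];    /* snapshot taken when a priority string is set */
};
/* Layer 1: config loading (constructed config: only TLS12 allowed). */
static void load_config(struct cfg *c, bool serial) {
    *c = (struct cfg){ .phase = PH_API, .serial = serial, .allowed = { [TLS12] = true } };
}
/* Layer 2: allowlisting call; note that it never refreshes c->cached. */
static int set_enabled(struct cfg *c, enum proto p, bool on) {
    if (c->serial && c->phase != PH_API) return -1;        /* too late: refused */
    c->allowed[p] = on; return 0;
}
/* Stand-in for the first session init: closes the API layer. */
static void first_init(struct cfg *c) { c->phase = PH_PRIORITY; }
/* Layer 3: setting a priority string snapshots the allowlist. */
static int set_priority(struct cfg *c) {
    if (c->serial && c->phase != PH_PRIORITY) return -1;   /* too early: deferred */
    for (int p = 0; p < PROTO_MAX; p++) c->cached[p] = c->allowed[p];
    return 0;
}
/* True when negotiation would use an outdated view of protocol p. */
static bool stale(const struct cfg *c, enum proto p) { return c->cached[p] != c->allowed[p]; }

/* Unordered use: changes made after the snapshot go unseen, in both directions. */
static int unordered_stale_count(void) {
    struct cfg c; load_config(&c, false);
    set_priority(&c);
    set_enabled(&c, TLS13, true);    /* unblocked later: not negotiated */
    set_enabled(&c, TLS12, false);   /* blocked later: still considered */
    return stale(&c, TLS12) + stale(&c, TLS13);
}
/* Serial use: out-of-order calls are refused, so the two views cannot diverge. */
static int serial_stale_count(void) {
    struct cfg c; load_config(&c, true);
    int early = set_priority(&c);                 /* refused before first_init */
    set_enabled(&c, TLS13, true);
    first_init(&c); set_priority(&c);
    int late = set_enabled(&c, TLS12, false);     /* refused after first_init */
    return (early == -1 && late == -1) ? stale(&c, TLS12) + stale(&c, TLS13) : -1;
}
int main(void) { printf("%d %d\n", unordered_stale_count(), serial_stale_count()); return 0; }
```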