[gnutls-devel] GnuTLS | Inconsistency between GNUTLS_NO_EXTENSIONS flag and %NO_EXTENSIONS modifier (#1468)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Tue Mar 7 03:10:22 CET 2023
Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1468
While those flag and modifier are described similarly in the manual, the actual behavior is a bit different. `GNUTLS_NO_EXTENSIONS` only disables a certain set of extensions (status request and extended master secret), `%NO_EXTENSIONS` prevents sending any TLS extensions. We probably should name the former like `GNUTLS_NO_DEFAULT_EXTENSIONS` and/or document the current behavior properly.
Do not enable any TLS extensions by default (since 3.1.2). As TLS
1.2 and later require extensions this option is considered obsolete
and should not be used.
%NO_EXTENSIONS will prevent the sending of
any TLS extensions in client
side. Note that TLS 1.2
requires extensions to be
used, as well as safe
renegotiation thus this option
must be used with care. When
this option is set no versions
later than TLS1.2 can be
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1468
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel