[gnutls-devel] GnuTLS | Inconsistency between GNUTLS_NO_EXTENSIONS flag and %NO_EXTENSIONS modifier (#1468)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Mar 7 03:10:22 CET 2023



Daiki Ueno created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1468



While this flag and modifier are described similarly in the manual, the actual behavior is a bit different. `GNUTLS_NO_EXTENSIONS` only disables a certain set of extensions (status request and extended master secret), whereas `%NO_EXTENSIONS` prevents sending any TLS extensions. We should probably name the former something like `GNUTLS_NO_DEFAULT_EXTENSIONS` and/or document the current behavior properly.
```
'GNUTLS_NO_EXTENSIONS'
     Do not enable any TLS extensions by default (since 3.1.2).  As TLS
     1.2 and later require extensions this option is considered obsolete
     and should not be used.
```
```
%NO_EXTENSIONS                   will prevent the sending of
                                 any TLS extensions in client
                                 side.  Note that TLS 1.2
                                 requires extensions to be
                                 used, as well as safe
                                 renegotiation thus this option
                                 must be used with care.  When
                                 this option is set no versions
                                 later than TLS1.2 can be
                                 negotiated.
```

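An added example, not part of the issue and not GnuTLS code: a small C parser that reports which extensions a captured ClientHello carries, as one way to check which of the two behaviours described above a client actually shows on the wire. The names `clienthello_exts`, `skip_vec` and `struct ch_exts` are hypothetical, and the three sample messages are constructed for illustration, not GnuTLS output.

```c
#include <stdint.h>
#include <stdio.h>

struct ch_exts { int n_ext, status_req, ems; };
/* Skip a vector with a w-byte length prefix; returns 0 if it overruns. */
static int skip_vec(const uint8_t *b, size_t n, size_t *off, int w)
{
    size_t len = 0;
    if (n - *off < (size_t)w) return 0;
    while (w--) len = (len << 8) | b[(*off)++];
    if (n - *off < len) return 0;
    *off += len;
    return 1;
}

/* Parse one ClientHello handshake message (record header already removed).
 * Returns 0 and fills *out, or -1 if the message is malformed. */
int clienthello_exts(const uint8_t *b, size_t n, struct ch_exts *out)
{
    size_t off = 4 + 2 + 32;   /* handshake header, legacy_version, random */
    out->n_ext = out->status_req = out->ems = 0;
    if (n < off || b[0] != 1 ||                      /* 1 = client_hello */
        (((size_t)b[1] << 16) | (b[2] << 8) | b[3]) != n - 4) return -1;
    if (!skip_vec(b, n, &off, 1) || !skip_vec(b, n, &off, 2) ||
        !skip_vec(b, n, &off, 1)) return -1; /* session_id, suites, compression */
    if (off == n) return 0;                  /* no extensions block at all */
    if (n - off < 2 || (((size_t)b[off] << 8) | b[off + 1]) != n - off - 2)
        return -1;                           /* block must fill the message */
    for (off += 2; off < n; out->n_ext++) {
        if (n - off < 2) return -1;
        unsigned type = ((unsigned)b[off] << 8) | b[off + 1];
        off += 2;
        if (!skip_vec(b, n, &off, 2)) return -1;     /* extension_data */
        if (type == 5)  out->status_req = 1;         /* status_request */
        if (type == 23) out->ems = 1;                /* extended_master_secret */
    }
    return 0;
}
/* Constructed samples; [38]=0 leaves the 32 random bytes zero-filled. */
const uint8_t CH_NONE[45] = {1,0,0,41, 3,3, [38]=0, 0,2, 0,0x2f, 1,0};
const uint8_t CH_SOME[52] = {1,0,0,48, 3,3, [38]=0, 0,2, 0,0x2f, 1,0, 0,5, 0xff,1,0,1,0};
const uint8_t CH_BOTH[65] = {1,0,0,61, 3,3, [38]=0, 0,2, 0,0x2f, 1,0, 0,18,
                             0,5,0,5,1,0,0,0,0, 0,23,0,0, 0xff,1,0,1,0};
int main(void)
{
    struct ch_exts e;
    int rc = clienthello_exts(CH_SOME, sizeof CH_SOME, &e);
    printf("rc=%d n_ext=%d status_req=%d ems=%d\n", rc, e.n_ext, e.status_req, e.ems);
    return rc != 0;
}
```

`CH_SOME` models a hello that still carries an extension but neither of the two named in the issue; `CH_NONE` has no extensions block at all.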

