<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
GitLab
</title>


<style>img {
max-width: 100%; height: auto;
}
</style>
</head>
<body>
<div class="content">
<div>
<blockquote dir="auto">
<p>In that particular case the application was specifically requesting for TLS1.1 and TLS1.0 thus disabling them and only allowing TLS1.3 would have been the wrong thing to do, in terms of what the application intended, and in practice as its server did not support TLS1.3.</p>
</blockquote>
<p dir="auto">Ok, I think I understood better the problematic scenario. It is about TLS1.3 being unexpectedly enabled by default after upgrading gnutls. So the expected behaviour, by this application point of view, is to disable any version >TLS1.2 when using "NORMAL:-VERS-TLS1.2", for example.</p>
<p dir="auto">Anyway, thinking better, I agree that it is not that bad to require TLS1.2 to be enabled together with TLS1.3 because this is enforced only when TLS1.0/1.1 are enabled.</p>
<p dir="auto">So, Approved.</p>
</div>


</div>
<div class="footer" style="margin-top: 10px;">
<p style="font-size: small; color: #777777;">
—
<br>
Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/merge_requests/815#note_120358350">view it on GitLab</a>.
<br>
You're receiving this email because of your account on gitlab.com.
If you'd like to receive fewer emails, you can
<a href="https://gitlab.com/sent_notifications/bb80d728324ebd9924d825d6328613d3/unsubscribe">unsubscribe</a>
from this thread or
adjust your notification settings.
<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Merge request","url":"https://gitlab.com/gnutls/gnutls/merge_requests/815#note_120358350"}}</script>
</p>
</div>
</body>
</html>