[Help-gnutls] Re: support for ssl3.0 connection

Simon Josefsson simon at josefsson.org
Wed Aug 20 16:42:11 CEST 2008


Brian Lavender <brian at brie.com> writes:

> Thanks for the feedback on the previous questions.
>
> I am looking at the docs for selecting different protocols and different
> ciphersuites. I would like my server connection to attempt ssl3.0 first.
> I see the command gnutls_priority_init, but I am a little unsure how to 
> tell it to attempt ssl3.0 first. What sort of string should I use for
> the command?
>
> const char *error_loc;
>
> gnutls_priority_init(&priority_cache, "NORMAL:SSL3.0", &error_loc);

I don't think it is possible to attempt SSL 3.0 before TLS 1.0: the
highest mutually supported version number will be used.  If both systems
support SSL 3.0, TLS 1.0 and TLS 1.1, the only way to negotiate SSL 3.0
is to disable TLS 1.0 and TLS 1.1.

To disable TLS 1.0 and TLS 1.1 (which are both enabled by default)
you'll want to use a priority string like:

NORMAL:-VERS-TLS1.0:-VERS-TLS1.1

/Simon
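
The negotiation rule described in the reply above, as an added example that is not part of the original message and is not GnuTLS code: a small C model in which each side's priority string yields a set of enabled versions and the highest common one is chosen. The default set for NORMAL (SSL 3.0, TLS 1.0, TLS 1.1), the function names and the token handling are assumptions of this model.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not GnuTLS code: one bit per version, higher bit = newer. */
enum { SSL3_0 = 1, TLS1_0 = 2, TLS1_1 = 4, ALL_VERSIONS = 7 };
static const struct { const char *name; unsigned bit; } VERS[] = {
    { "VERS-SSL3.0", SSL3_0 }, { "VERS-TLS1.0", TLS1_0 }, { "VERS-TLS1.1", TLS1_1 },
};

/* Returns the enabled-version mask for a priority string, or 0 with *err_pos
 * set to the first token this model does not recognise (NULL on success). */
unsigned enabled_versions(const char *prio, const char **err_pos)
{
    unsigned mask = 0;
    const char *tok = prio;
    *err_pos = NULL;
    while (*tok) {
        size_t len = strcspn(tok, ":");   /* tokens are colon-separated */
        int known = 0;
        if (len == 6 && strncmp(tok, "NORMAL", 6) == 0) {
            mask = ALL_VERSIONS;          /* assumed default set */
            known = 1;
        } else if (len > 1 && (tok[0] == '+' || tok[0] == '-')) {
            for (size_t i = 0; i < sizeof VERS / sizeof VERS[0]; i++)
                if (strlen(VERS[i].name) == len - 1 &&
                    strncmp(tok + 1, VERS[i].name, len - 1) == 0) {
                    mask = (tok[0] == '+') ? (mask | VERS[i].bit) : (mask & ~VERS[i].bit);
                    known = 1;
                }
        }
        if (!known) { *err_pos = tok; return 0; }
        tok += len;
        if (*tok == ':') tok++;
    }
    return mask;
}

/* Highest version both sides have enabled, or 0 if they share none. */
unsigned negotiate(unsigned a, unsigned b)
{
    unsigned common = a & b, best = 0;
    for (unsigned bit = SSL3_0; bit <= TLS1_1; bit <<= 1)
        if (common & bit) best = bit;
    return best;
}

int main(void)
{
    const char *e;
    unsigned peer = enabled_versions("NORMAL", &e);
    unsigned srv = enabled_versions("NORMAL:-VERS-TLS1.0:-VERS-TLS1.1", &e);
    printf("default/default=%u restricted/default=%u\n", negotiate(peer, peer), negotiate(srv, peer));
    return 0;
}
```

In the output, 4 stands for TLS 1.1 and 1 for SSL 3.0: two default peers settle on the newest version, and only the side with TLS 1.0 and TLS 1.1 removed ends up on SSL 3.0.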




