[Help-gnutls] Default record version

Martin von Gagern Martin.vGagern at gmx.net
Sun Feb 15 20:32:28 CET 2009


Hi Nikos, thanks for your reply!

Nikos Mavrogiannopoulos wrote:
>> My first question is this: is there a good reason that GnuTLS doesn't
>> indicate an older record version in accordance with appendix E by default?
> 
> This is tricky. There are other servers that do not operate well if the
> client hello version does not match record version. This is the reason
> why gnutls has this behavior. Of course this was noticed many years ago.
> I don't know how many servers now have this problem.

I see, and in that light it might make sense to not have the Appendix E
behaviour by default. In my opinion, it would be desirable if you could
at least configure GnuTLS to use that approach, though.

>> It seems that _gnutls_record_set_default_version would provide a way to
>> get the intended behaviour of an older record version but a recent
>> client hello version. That function doesn't seem to be intended as part
>> of the public interface of GnuTLS, though [3]. Why is that?
> 
> It was meant as a hack to test for buggy servers that I mentioned above.
> I don't think it should be normally used. A better solution would be to
> have a priority string %RFC4346 that would enforce that behavior. What
> do you think on that?

The reference to RFC 4346 in your sentence confuses me, especially as I
see no reference to a "priority string" in that RFC. The only possible
interpretation of your suggestion would be to use a call to
gnutls_protocol_set_priority in order to disable TLS 1.1, thus enforcing
a TLS 1.0 record header and client hello.

While this approach does solve the backwards compatibility problem, it
breaks forward compatibility. There is a good chance that the
restriction will stay in the client code long after all servers have
been updated to deal with TLS 1.1 or later, maybe even long after newly
found security issues with TLS 1.0 advise against its use. So while
feasible, I'm not happy with this approach.

With only the record version changed, the backwards compatibility would
be ensured (at least with the server in question), while there is a good
chance that future implementations might negotiate a higher version
based on the hello messages.

If _gnutls_record_set_default_version can do this, and there is no plan
that forces the removal of this functionality in the near future, I'd
love to see it made official, so that clients can configure their own
backwards compatibility, based on whether high record versions or record
versions not matching hello versions are more likely to cause trouble.

Would I have to take the issues to the dev mailing list to get a
decision on this?

Greetings,
 Martin



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090215/bf722f88/attachment.pgp>


More information about the Gnutls-help mailing list