How to reject SSL 3.0 on gnutls 2.12.6

volan shu volanshu at
Sun Jul 10 12:11:59 CEST 2011

Hi there,

I met some issues when using gnutls APIs to setup my server to reject SSL
3.0 requests using "-VERS-SSL3.0". ( My whole priority string is
capture, I found the handshake was kept on going without a handshake failure
alert to be sent to client on gnutls 2.12.6.

So I have to planning to use gnutls_certificate_set_retrieve_function in my
server to set a callback function who can be used to check the SSL version
carried by Client Hello in order for server to reject the SSL3.0 request
other than to accept it. But in my call back function, I can't retrieve the
X.509 certificate and private key using gnutls_session_t as the index after
I searched the gnutls APIs description at and the all the
examples included.

Would you know how can I specify  the priority string or how can I achieve
this using this callback function or any other alternative can be used

Many thanks,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20110710/335a67b3/attachment.htm>

More information about the Gnutls-help mailing list