alleged attack on TLS

Nikos Mavrogiannopoulos nmav at
Fri Sep 23 21:37:48 CEST 2011

On 09/23/2011 02:52 PM, Stephane Bortzmeyer wrote:

>> * Disable SSL 3.0 and TLS 1.0
> So, with mod_gnutls, you suggest:
> GnuTLSPriorities NORMAL:!VERS-TLS1.0:!VERS-SSL3.0

As I said this before this would enforce the secure modes and if cannot 
be negotiated will fail. An alternative approach would be to all the 
"NORMAL" priorities and if TLS1.0 or SSL3.0 are negotiated warn the peer 
with an application protocol message (i.e. in case of a web server with 
a special web page) and close the connection.


More information about the Gnutls-help mailing list