alleged attack on TLS
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri Sep 23 21:37:48 CEST 2011
On 09/23/2011 02:52 PM, Stephane Bortzmeyer wrote:
>> * Disable SSL 3.0 and TLS 1.0
> So, with mod_gnutls, you suggest:
> GnuTLSPriorities NORMAL:!VERS-TLS1.0:!VERS-SSL3.0
As I said before, this would enforce the secure modes, and if they cannot
be negotiated it will fail. An alternative approach would be to allow the
"NORMAL" priorities and, if TLS1.0 or SSL3.0 are negotiated, warn the peer
with an application protocol message (i.e. in the case of a web server, with
a special web page) and close the connection.
regards,
Nikos
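
The alternative described in the message above, as an added example that is not part of the original post and is not mod_gnutls code: it uses Python's standard ssl module rather than GnuTLS. The function names, the 403 status and the page text are assumptions made for illustration.

```python
import ssl

# Protocol names as reported by ssl.SSLSocket.version() after the handshake.
LEGACY_VERSIONS = {"SSLv3", "TLSv1"}


def make_server_context(certfile, keyfile):
    """Permissive context: legacy protocol versions are not refused at handshake time.

    certfile/keyfile are caller-supplied paths (hypothetical here). Whether
    TLS 1.0 is really offered also depends on the local OpenSSL build.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


def warning_page(version):
    """Build the 'special web page' as a complete HTTP/1.1 response."""
    body = (
        "<html><body><h1>Connection refused</h1>"
        f"<p>Your client negotiated {version}, which this server does not "
        "accept. Enable TLS 1.1 or later and retry.</p></body></html>"
    ).encode("utf-8")
    head = (
        "HTTP/1.1 403 Forbidden\r\n"
        "Content-Type: text/html; charset=utf-8\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")
    return head + body


def gate_connection(conn):
    """Call right after the handshake. Returns True if the request may be served.

    conn is an ssl.SSLSocket (anything with version(), sendall(), close()).
    """
    version = conn.version()
    if version is None:            # no TLS session was established
        conn.close()
        return False
    if version in LEGACY_VERSIONS:
        try:
            conn.sendall(warning_page(version))  # warn in-protocol first
        finally:
            conn.close()                          # then drop the connection
        return False
    return True
```

Unlike the priority string that removes the versions, this keeps old clients able to complete the handshake, so they receive a readable explanation instead of a handshake failure.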