[gnutls-help] gnutls 3.6.4 clients unable to talk to gnutls 3.6.5 servers due to record-size-limit extension in ServerHello

Lennert Buytenhek buytenh at wantstofly.org
Fri Jan 4 14:07:52 CET 2019


Hello!

I'm using a TLS application which broke after upgrading the server to
GnuTLS 3.6.5, because the GnuTLS 3.6.5 server now sends a record-size-limit
extension (28) in its ServerHello, which the 3.6.4-using client doesn't
grok, and the handshake dies on the client side with:

	gnutls_handshake: An illegal TLS extension was received.

This appears to mean that GnuTLS <= 3.6.4 clients will not be able to
talk to GnuTLS 3.6.5 servers at all?

I understand that GnuTLS <= 3.6.4 are buggy in the sense that they do
not accept a record-size-limit extension received in a ServerHello even
though it is legal to send this extension in a ServerHello, but is there
at least a way to turn off sending this extension on the server side, so
that it can continue to interoperate with older clients until those can
be upgraded?  (I didn't see any such way.)


Thanks,
Lennert
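
An added example, not part of the original post and not GnuTLS code: a small Python parser that lists the extensions in a captured ServerHello handshake message and reports the record-size-limit (28) value, so a capture can confirm whether a server is sending it. The function names are hypothetical and the sample message is constructed.

```python
import struct

RECORD_SIZE_LIMIT = 28  # extension type named in the post

def server_hello_extensions(msg: bytes) -> dict:
    """Map extension type -> raw data for one ServerHello handshake message."""
    if len(msg) < 4 or msg[0] != 0x02:
        raise ValueError("not a ServerHello handshake message")
    body = msg[4:]
    if len(body) != int.from_bytes(msg[1:4], "big") or len(body) < 35:
        raise ValueError("truncated or malformed ServerHello")
    pos = 2 + 32                      # legacy version + random
    pos += 1 + body[pos] + 2 + 1      # session_id, cipher suite, compression
    if pos == len(body):
        return {}                     # ServerHello without an extensions block
    if pos + 2 > len(body):
        raise ValueError("truncated before extensions length")
    total = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if pos + total != len(body):
        raise ValueError("extensions length does not match message length")
    exts = {}
    while pos < len(body):
        if pos + 4 > len(body):
            raise ValueError("truncated extension header")
        etype, elen = struct.unpack_from("!HH", body, pos)
        pos += 4
        if pos + elen > len(body):
            raise ValueError("extension data overruns message")
        exts[etype] = body[pos:pos + elen]
        pos += elen
    return exts

def record_size_limit(msg: bytes):
    """Return the advertised limit, or None if extension 28 is absent."""
    data = server_hello_extensions(msg).get(RECORD_SIZE_LIMIT)
    if data is None:
        return None
    if len(data) != 2:
        raise ValueError("record-size-limit data must be a uint16")
    return int.from_bytes(data, "big")

def constructed_server_hello(limit: int = 16384) -> bytes:
    """Constructed sample: TLS 1.2 ServerHello, all-zero random, two extensions."""
    exts = struct.pack("!HH", 0xFF01, 1) + b"\x00"            # renegotiation_info
    exts += struct.pack("!HHH", RECORD_SIZE_LIMIT, 2, limit)  # record-size-limit
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    body += struct.pack("!H", len(exts)) + exts
    return b"\x02" + len(body).to_bytes(3, "big") + body
```

The input is the handshake message itself, starting at the handshake type byte, with the 5-byte TLS record header already removed.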


