Simon Iremonger <[email protected]> writes:

> My suggestion is that may make best sense for tf5 to (if possible)
> disable TLS1.3 usage until this is sorted out in gnutls-land, or indeed,
> openssl 2.0 reaches debian and can just be used with tf5 instead!

I (finally) took a look at this, and sadly there does not appear to be any way to disable TLSv1.3 using the GnuTLS OpenSSL compatibility library. The symbols exposed are fairly minimal, and I went through the hopeful ones and none of them support that.

I'm not sure what's going on here given that a connection to a TLSv1.3 test server seems to work given your follow-up message.

Hopefully OpenSSL will eventually release under an Apache 2.0 license, and then this can be resolved by using OpenSSL directly.

-- 
Russ Allbery ([email protected]) <https://www.eyrie.org/~eagle/>

