Hi there,

I met some issues when using the gnutls APIs to set up my server to reject SSL 3.0 requests using "-VERS-SSL3.0". (My whole priority string is "PERFORMANCE:!ARCFOUR-128:! ARCFOUR-40:-VERS-SSL3.0:%DISABLE_SAFE_RENEGOTIATION".) In the Wireshark capture, I found that the handshake kept going without a handshake failure alert being sent to the client on gnutls 2.12.6.

So I am planning to use gnutls_certificate_set_retrieve_function in my server to set a callback function that can be used to check the SSL version carried by the Client Hello, so that the server rejects the SSL 3.0 request rather than accepting it. But in my callback function, I can't retrieve the X.509 certificate and private key using gnutls_session_t as the index, after searching the gnutls API descriptions at http://www.gnu.org/software/gnutls/manual/gnutls.html and all the examples included.

Would you know how I can specify the priority string, or how I can achieve this using this callback function, or whether any other alternative can be used instead?

Many thanks,
Volan
_______________________________________________
Help-gnutls mailing list
https://lists.gnu.org/mailman/listinfo/help-gnutls
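An added example, not part of the original post and not GnuTLS code: when checking "the SSL version carried by Client Hello" in a capture, note that a ClientHello carries two version fields, the record-layer version and `client_version`, and the first can read 3.0 while the second offers TLS. The sketch below parses both from a single unfragmented record; the function name, enum values and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names throughout; this is not a GnuTLS API. */
enum hello_verdict { HELLO_MALFORMED = -1, HELLO_OK = 0, HELLO_SSL3_ONLY = 1 };

/* Constructed sample records, cut down to the fields parsed here.
 * Both use record-layer version 3.0; only client_version differs. */
static const uint8_t SAMPLE_TLS12[] = { 0x16, 0x03, 0x00, 0x00, 0x06,
                                        0x01, 0x00, 0x00, 0x02, 0x03, 0x03 };
static const uint8_t SAMPLE_SSL3[]  = { 0x16, 0x03, 0x00, 0x00, 0x06,
                                        0x01, 0x00, 0x00, 0x02, 0x03, 0x00 };

/* Read the record-layer version and ClientHello.client_version from one
 * unfragmented handshake record. client_version is the highest version the
 * client offers, so it decides whether the peer can do better than SSL 3.0. */
static enum hello_verdict inspect_client_hello(const uint8_t *buf, size_t len,
                                               uint16_t *record_ver,
                                               uint16_t *client_ver)
{
    if (buf == NULL || record_ver == NULL || client_ver == NULL || len < 11)
        return HELLO_MALFORMED;         /* 5 record + 4 handshake + 2 version */
    if (buf[0] != 0x16 || buf[5] != 0x01)
        return HELLO_MALFORMED;         /* not handshake / not client_hello */
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    size_t hs_len  = ((size_t)buf[6] << 16) | ((size_t)buf[7] << 8) | buf[8];
    if (rec_len < 6 || rec_len > len - 5 || hs_len < 2)
        return HELLO_MALFORMED;         /* declared lengths do not fit */
    *record_ver = (uint16_t)((buf[1] << 8) | buf[2]);
    *client_ver = (uint16_t)((buf[9] << 8) | buf[10]);
    if (*client_ver < 0x0300)
        return HELLO_MALFORMED;
    return *client_ver == 0x0300 ? HELLO_SSL3_ONLY : HELLO_OK;
}

int main(void)
{
    uint16_t rec, cli;
    int v = inspect_client_hello(SAMPLE_TLS12, sizeof SAMPLE_TLS12, &rec, &cli);
    printf("record 0x%04x client 0x%04x verdict %d\n", rec, cli, v);
    v = inspect_client_hello(SAMPLE_SSL3, sizeof SAMPLE_SSL3, &rec, &cli);
    printf("record 0x%04x client 0x%04x verdict %d\n", rec, cli, v);
    return 0;
}
```

Only the second sample is a client that can speak nothing newer than SSL 3.0; the first shares its record-layer version but offers TLS 1.2.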
