On 09/23/2011 02:52 PM, Stephane Bortzmeyer wrote:
* Disable SSL 3.0 and TLS 1.0
So, with mod_gnutls, you suggest:
GnuTLSPriorities NORMAL:!VERS-TLS1.0:!VERS-SSL3.0
As I said this before this would enforce the secure modes and if cannot
be negotiated will fail. An alternative approach would be to all the
"NORMAL" priorities and if TLS1.0 or SSL3.0 are negotiated warn the peer
with an application protocol message (i.e. in case of a web server with
a special web page) and close the connection.
regards,
Nikos
_______________________________________________
Help-gnutls mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-gnutls
