On 07/12/2010 03:55 PM, Ludovic Courtès wrote:
> OK, thanks for the explanation.
>
> Clients or servers can restrict the set of supported protocols with
> ‘gnutls_protocol_set_priority’. So they could give SSL 3.0 higher
> priority than other protocols, or something like that.

For some weird reasons at least lftp and libsoup go the "disable TLS" way.

> Now, it seems weird that TLS handshake is used even when SSL 3.0 is
> asked. Did you raise the issue on [email protected]?

You have to ask for SSL 3.0 only, and that is accomplished by forbidding all TLS versions. So you have to forbid new versions no later than they come. The issue was discussed on gnutls-devel. The current state of affairs seems to seem hard to improve to the people involved...

> Agreed.
>
> I don’t work on GnuTLS these days so I’d suggest discussing this on
> [email protected].

I didn't hope for any specific help from you here, because it is no simple question (and libsoup people would take the better way if there was any). My motivation actually was to show that the real hard-to-fight problems come from simple hard-to-notice things, not from the merits of a way to avoid triggering too big a rebuild in corner cases...

_______________________________________________
nix-dev mailing list
[email protected]
https://mail.cs.uu.nl/mailman/listinfo/nix-dev
