| Field | Value | Date |
|---|---|---|
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-24 09:17:53 +0200 |
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2016-05-24 09:24:08 +0200 |
| commit | 2ca4724e269a3c315f9223a788333d766e4fd8e6 (patch) | |
| tree | b039356a5bfbb4a8a939e0657ce2c4f60af33bac | |
| parent | c9aab018e855fee2c9d88a405268dd20b217462e (diff) | |
| download | gnutls-2ca4724e269a3c315f9223a788333d766e4fd8e6.tar.gz | |
doc: updated text on priority strings
Refer to RFC7685 for the TLS padding extension (%DUMBFW),
and mention the default behavior for the TLS client hello record version.
| Mode | File | Changes |
|---|---|---|
| -rw-r--r-- | doc/cha-bib.texi | 5 |
| -rw-r--r-- | doc/cha-gtls-app.texi | 9 |
| -rw-r--r-- | doc/latex/gnutls.bib | 8 |

3 files changed, 19 insertions, 3 deletions
diff --git a/doc/cha-bib.texi b/doc/cha-bib.texi index e4a6f1be94..dc0a02e03a 100644 --- a/doc/cha-bib.texi +++ b/doc/cha-bib.texi @@ -31,6 +31,11 @@ Peter Saint-Andre and Jeff Hodges, "Representation and Verification of Domain-Ba March 2011, Available from @url{http://www.ietf.org/rfc/rfc6125.txt}. +@item @anchor{RFC7685}[RFC7685] +Adam Langley, "A Transport Layer Security (TLS) ClientHello Padding Extension", +October 2015, Available from +@url{http://www.ietf.org/rfc/rfc7685.txt}. + @item @anchor{RFC2246}[RFC2246] Tim Dierks and Christopher Allen, "The TLS Protocol Version 1.0", January 1999, Available from diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 7d25a5b536..9bb5437544 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1191,12 +1191,13 @@ problematic clients and servers is achieved. More specifically this string would disable TLS record random padding, tolerate packets over the maximum allowed TLS record, and add a padding to TLS Client Hello packet to prevent it being in the 256-512 range which is known -to be causing issues with a commonly used firewall. +to be causing issues with a commonly used firewall (see the %DUMBFW option). @item %DUMBFW @tab will add a private extension with bogus data that make the client hello exceed 512 bytes. This avoids a black hole behavior in some -firewalls. This is a non-standard TLS extension, use with care. +firewalls. This is the @xcite{rfc7685} client hello padding extension, also enabled +with %COMPAT. @item %NO_EXTENSIONS @tab will prevent the sending of any TLS extensions in client side. Note 
@@ -1217,7 +1218,9 @@ and not the client's. @item %SSL3_RECORD_VERSION @tab will use SSL3.0 record version in client hello. -This is the default. +By default GnuTLS will set the minimum supported version as the +client hello record version (do not confuse that version with the +proposed handshake version at the client hello). @item %LATEST_RECORD_VERSION @tab will use the latest TLS version record version in client hello. diff --git a/doc/latex/gnutls.bib b/doc/latex/gnutls.bib index f242870b27..16f983dc45 100644 --- a/doc/latex/gnutls.bib +++ b/doc/latex/gnutls.bib @@ -51,6 +51,14 @@ url = "http://www.ietf.org/rfc/rfc6125" } +@Misc{ RFC7685, + author = "Adam Langley", + title = "{A Transport Layer Security (TLS) ClientHello Padding Extension}", + month = "October", + year = "2015", + note = "Available from \url{http://www.ietf.org/rfc/rfc7685}", + url = "http://www.ietf.org/rfc/rfc7685" +} @Misc{ RFC2246 , author = "Tim Dierks and Christopher Allen", title = "{The TLS Protocol Version 1.0}", |
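Review bot: in the doc/cha-bib.texi hunk the new entry is anchored as `@anchor{RFC7685}[RFC7685]` (uppercase), while the doc/cha-gtls-app.texi hunk cites it as `@xcite{rfc7685}` (lowercase); please confirm the xcite macro resolves the key case-insensitively or make the two spellings identical, otherwise the cross-reference will render as an unresolved citation in the Texinfo output. The `.txt` suffix on the URL matches the neighbouring RFC6125 entry, so that part is consistent.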
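Review bot: in the first doc/cha-gtls-app.texi hunk (@@ -1191) the %DUMBFW description still opens with "will add a private extension with bogus data that make the client hello exceed 512 bytes", which now contradicts the sentence added right after it identifying the mechanism as the RFC 7685 padding extension; a standardised extension is not "private", and "that make" should be "that makes". Suggest replacing the first sentence with something like "will add the ClientHello padding extension so that the client hello exceeds 512 bytes." while you are in this paragraph. Also note the two visible descriptions disagree on the boundary: the %COMPAT text says the hello is kept out of "the 256-512 range", while the %DUMBFW text says it is made to "exceed 512 bytes"; pick one formulation so readers are not left wondering whether a 512-byte hello is affected.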
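Review bot: in the second doc/cha-gtls-app.texi hunk (@@ -1217) the replacement sentence "By default GnuTLS will set the minimum supported version as the client hello record version" is ambiguous about which minimum is meant: the lowest protocol version enabled by the priority string, or the lowest version the library itself supports. Since the surrounding text is about priority strings, stating it explicitly (for example "the lowest protocol version enabled in the priority string") would remove the doubt, and it would also make clear when %SSL3_RECORD_VERSION actually changes behaviour (only when SSL 3.0 is not the lowest enabled version). The parenthetical distinguishing the record version from the proposed handshake version is a welcome clarification.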
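Review bot: in the doc/latex/gnutls.bib hunk the new key is written `@Misc{ RFC7685,` whereas the adjacent entry uses `@Misc{ RFC2246 ,` (space before the comma); harmless to BibTeX, but worth matching the file's existing style. The `note` and `url` fields repeat the same address, which mirrors the surrounding entries, so that is consistent; the key must also match whatever spelling the Texinfo `@xcite` ends up using, since the texi side currently cites `rfc7685` in lowercase.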