diff options
| author | Simon Josefsson <simon@josefsson.org> | 2009-02-11 17:30:58 +0100 |
|---|---|---|
| committer | Simon Josefsson <simon@josefsson.org> | 2009-02-11 17:30:58 +0100 |
| commit | a3ac6ce0a076e5b8c4e566573e906e3a35686493 (patch) | |
| tree | 7a718fe74b1f1aaf4a051f01dc969e74e2e68278 | |
| parent | b6d7c1c1c6f9e0b49d379ea66f46900909471001 (diff) | |
| download | gnutls-a3ac6ce0a076e5b8c4e566573e906e3a35686493.tar.gz | |
gnutls-serv: No longer disable MAC padding by default.
| -rw-r--r-- | NEWS | 3 | ||||
| -rw-r--r-- | src/serv.c | 5 |
2 files changed, 3 insertions, 5 deletions
@@ -13,6 +13,9 @@ information. This avoids code duplication. Use --priority NORMAL:%VERIFY_ALLOW_X509_V1_CA_CRT to permit V1 CAs to be used for chain verification. +** gnutls-serv: No longer disable MAC padding by default. +Use --priority NORMAL:%COMPAT to disable MAC padding again. + ** libgnutls: New priority strings %VERIFY_ALLOW_SIGN_RSA_MD5 ** and %VERIFY_ALLOW_X509_V1_CA_CRT. They can be used to override the default certificate chain validation diff --git a/src/serv.c b/src/serv.c index 218f64e65a..cef62ab587 100644 --- a/src/serv.c +++ b/src/serv.c @@ -412,11 +412,6 @@ initialize_session (void) gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST); } - /* Set maximum compatibility mode. This is only suggested on public webservers - * that need to trade security for compatibility - */ - gnutls_session_enable_compatibility_mode (session); - #ifdef ENABLE_OPRFI if (info.opaque_prf_input) gnutls_oprfi_enable_server (session, oprfi_callback, NULL); |