diff options
author | Daiki Ueno <dueno@redhat.com> | 2019-09-26 16:45:25 +0200 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2019-09-27 10:14:53 +0200 |
commit | 3fd28f9a400f371291c05c89b5b8014cebd2d315 (patch) | |
tree | c45f8d4a3196caa7865be54828c3f00ba538045d /NEWS | |
parent | 0bb87a8712d48a0e0c3cf97c7ca7830603b91176 (diff) | |
download | gnutls-3fd28f9a400f371291c05c89b5b8014cebd2d315.tar.gz |
ext/supported_versions: reorder client precedence if necessary
If the client advertises TLS < 1.2 before TLS 1.3 and the server is
configured with TLS 1.3 enabled, the server should select TLS 1.3;
otherwise the client will disconnect when seeing downgrade sentinel.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -18,6 +18,9 @@ See the end for copying conditions. ** libgnutls: added interoperability tests with gnutls 2.12.x; addressed issue with large record handling due to random padding (#811). +** libgnutls: the server now selects the highest TLS protocol version, + if TLS 1.3 is enabled and the client advertises an older protocol version first (#837). + ** API and ABI modifications: gnutls_aead_cipher_encryptv2: Added gnutls_aead_cipher_decryptv2: Added |