ext/supported_versions: reorder client precedence if necessary

If the client advertises TLS < 1.2 before TLS 1.3 and the server is configured with TLS 1.3 enabled, the server should select TLS 1.3; otherwise the client will disconnect when seeing downgrade sentinel. Signed-off-by: Daiki Ueno <dueno@redhat.com>
author: Daiki Ueno <dueno@redhat.com> 2019-09-26 16:45:25 +0200
committer: Daiki Ueno <dueno@redhat.com> 2019-09-27 10:14:53 +0200
commit: 3fd28f9a400f371291c05c89b5b8014cebd2d315 (patch)
tree: c45f8d4a3196caa7865be54828c3f00ba538045d /NEWS
parent: 0bb87a8712d48a0e0c3cf97c7ca7830603b91176 (diff)
download: gnutls-3fd28f9a400f371291c05c89b5b8014cebd2d315.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index e0320042c3..b8278e11d9 100644
--- a/NEWS
+++ b/NEWS
@@ -18,6 +18,9 @@ See the end for copying conditions.
 ** libgnutls: added interoperability tests with gnutls 2.12.x; addressed
    issue with large record handling due to random padding (#811).
 
+** libgnutls: the server now selects the highest TLS protocol version,
+   if TLS 1.3 is enabled and the client advertises an older protocol version first (#837).
+
 ** API and ABI modifications:
 gnutls_aead_cipher_encryptv2: Added
 gnutls_aead_cipher_decryptv2: Added
author	Daiki Ueno <dueno@redhat.com>	2019-09-26 16:45:25 +0200
committer	Daiki Ueno <dueno@redhat.com>	2019-09-27 10:14:53 +0200
commit	3fd28f9a400f371291c05c89b5b8014cebd2d315 (patch)
tree	c45f8d4a3196caa7865be54828c3f00ba538045d /NEWS
parent	0bb87a8712d48a0e0c3cf97c7ca7830603b91176 (diff)
download	gnutls-3fd28f9a400f371291c05c89b5b8014cebd2d315.tar.gz