author Daiki Ueno <ueno@gnu.org> 2021-04-16 13:56:40 +0200
committer Daiki Ueno <ueno@gnu.org> 2021-04-17 20:18:29 +0200
commit dc1defac66c2bc654a1aa49222ce268aff74cb75
tree b5e9d60a2a95e5674fe45d0170989bfe7a5a91cf /doc
parent a6a45ad0a75e950119e8e529a5f7f505ce0311c7
priority: add option to disable TLS 1.3 middlebox compatibility mode
This adds a new option %DISABLE_TLS13_COMPAT_MODE to disable TLS 1.3 compatibility mode at run-time.

Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'doc')
-rw-r--r-- doc/cha-gtls-app.texi 4
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi
index 36ba55e3ab..2399bf82eb 100644
--- a/doc/cha-gtls-app.texi
+++ b/doc/cha-gtls-app.texi
@@ -1610,6 +1610,10 @@ client hello. Note that this should be set only by applications that
try to reconnect with a downgraded protocol version. See RFC7507 for
details.
+@item %DISABLE_TLS13_COMPAT_MODE @tab
+will disable TLS 1.3 middlebox compatibility mode (RFC8446, Appendix
+D.4) for non-compliant middleboxes.
+
@item %VERIFY_ALLOW_BROKEN @tab
will allow signatures with known to be broken algorithms (such as MD5 or
SHA1) in certificate chains.
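Review bot: The wording of the new @item %DISABLE_TLS13_COMPAT_MODE entry is ambiguous. "will disable TLS 1.3 middlebox compatibility mode ... for non-compliant middleboxes" can be read as saying the option exists to help non-compliant middleboxes, whereas the compatibility mode of RFC8446, Appendix D.4 is itself the accommodation for them. Suggest rewording along the lines of "will disable the TLS 1.3 middlebox compatibility mode (RFC8446, Appendix D.4), which is otherwise used to work around non-compliant middleboxes". It would also help to add one sentence on the consequence for the reader, namely that handshakes crossing such middleboxes may fail once the option is set, so that it is clear when an application should and should not use it.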