author | Daiki Ueno <ueno@gnu.org> | 2021-04-16 13:56:40 +0200 |
---|---|---|
committer | Daiki Ueno <ueno@gnu.org> | 2021-04-17 20:18:29 +0200 |
commit | dc1defac66c2bc654a1aa49222ce268aff74cb75 (patch) | |
tree | b5e9d60a2a95e5674fe45d0170989bfe7a5a91cf /doc | |
parent | a6a45ad0a75e950119e8e529a5f7f505ce0311c7 (diff) | |
download | gnutls-dc1defac66c2bc654a1aa49222ce268aff74cb75.tar.gz |
priority: add option to disable TLS 1.3 middlebox compatibility mode
This adds a new option %DISABLE_TLS13_COMPAT_MODE to disable TLS 1.3
compatibility mode at run-time.
Signed-off-by: Daiki Ueno <ueno@gnu.org>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/cha-gtls-app.texi | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/cha-gtls-app.texi b/doc/cha-gtls-app.texi index 36ba55e3ab..2399bf82eb 100644 --- a/doc/cha-gtls-app.texi +++ b/doc/cha-gtls-app.texi @@ -1610,6 +1610,10 @@ client hello. Note that this should be set only by applications that try to reconnect with a downgraded protocol version. See RFC7507 for details. +@item %DISABLE_TLS13_COMPAT_MODE @tab +will disable TLS 1.3 middlebox compatibility mode (RFC8446, Appendix +D.4) for non-compliant middleboxes. + @item %VERIFY_ALLOW_BROKEN @tab will allow signatures with known to be broken algorithms (such as MD5 or SHA1) in certificate chains. |
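Review bot: In the new `@item %DISABLE_TLS13_COMPAT_MODE` entry, the trailing phrase "for non-compliant middleboxes" reads as if disabling the mode is what accommodates such middleboxes, whereas the compatibility mode of RFC8446 Appendix D.4 is itself the workaround for them. Suggest rewording so the direction is unambiguous, for example "will disable TLS 1.3 middlebox compatibility mode (RFC8446, Appendix D.4), which exists to work around non-compliant middleboxes". It would also help to add a usage sentence in the style of the entry just above ("Note that this should be set only by applications that ..."), saying when an application should set this keyword and that handshakes crossing such middleboxes may fail once it is set. The entry does not say whether the keyword applies to the client side, the server side or both; one clause covering that would save readers a trip to the source.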