source: mod_gnutls/test/tests/01_priorities_config/apache.conf @ 65e66c9

asyncio
Last change on this file since 65e66c9 was 1d62f86, checked in by Fiona Klute <fiona.klute@…>, 13 months ago

Use -VERS-ALL instead of -VERS-TLS-ALL

There was a bug in GnuTLS where leaving DTLS versions (which are
present in NORMAL) enabled could lead to a disabled TLS version being
accepted: https://gitlab.com/gnutls/gnutls/-/issues/1054

This has been fixed in the GnuTLS git repository (see
https://gitlab.com/gnutls/gnutls/-/merge_requests/1309), but there's
no release with the fix yet. I was testing with a local development
build so -VERS-TLS-ALL worked as it should, but the current distro
versions don't have the fix, so -VERS-ALL is needed.

  • Property mode set to 100644
File size: 562 bytes
Line 
1Include ${srcdir}/base_apache.conf
2
3GnuTLSCache ${DEFAULT_CACHE}
4
5GnuTLSPriorities NORMAL:-VERS-TLS1.3
6
7<VirtualHost _default_:${TEST_PORT}>
8    ServerName ${TEST_HOST}
9    GnuTLSEnable On
10    GnuTLSCertificateFile       authority/server/x509.pem
11    GnuTLSKeyFile               authority/server/secret.key
12</VirtualHost>
13
14<VirtualHost _default_:${TEST_PORT}>
15    ServerName                  test.example.com
16    GnuTLSEnable                On
17    GnuTLSCertificateFile       authority/server/x509.pem
18    GnuTLSKeyFile               authority/server/secret.key
19    GnuTLSPriorities            NORMAL:-VERS-ALL:+VERS-TLS1.3
20</VirtualHost>
Note: See TracBrowser for help on using the repository browser.