main
mod_gnutls/0.12.0
|
Last change
on this file since b6ce8ad was
1d62f86,
checked in by Fiona Klute <fiona.klute@…>, 3 years ago
|
|
Use -VERS-ALL instead of -VERS-TLS-ALL
There was a bug in GnuTLS where leaving DTLS versions (which are
present in NORMAL) enabled could lead to a disabled TLS version being
accepted: https://gitlab.com/gnutls/gnutls/-/issues/1054
This has been fixed in the GnuTLS git repository (see
https://gitlab.com/gnutls/gnutls/-/merge_requests/1309), but there's
no release with the fix yet. I was testing with a local development
build so -VERS-TLS-ALL worked as it should, but the current distro
versions don't have the fix, so -VERS-ALL is needed.
|
-
Property mode set to
100644
|
|
File size:
562 bytes
|
| Line | |
|---|
| 1 | Include ${srcdir}/base_apache.conf |
|---|
| 2 | |
|---|
| 3 | GnuTLSCache ${DEFAULT_CACHE} |
|---|
| 4 | |
|---|
| 5 | GnuTLSPriorities NORMAL:-VERS-TLS1.3 |
|---|
| 6 | |
|---|
| 7 | <VirtualHost _default_:${TEST_PORT}> |
|---|
| 8 | ServerName ${TEST_HOST} |
|---|
| 9 | GnuTLSEnable On |
|---|
| 10 | GnuTLSCertificateFile authority/server/x509.pem |
|---|
| 11 | GnuTLSKeyFile authority/server/secret.key |
|---|
| 12 | </VirtualHost> |
|---|
| 13 | |
|---|
| 14 | <VirtualHost _default_:${TEST_PORT}> |
|---|
| 15 | ServerName test.example.com |
|---|
| 16 | GnuTLSEnable On |
|---|
| 17 | GnuTLSCertificateFile authority/server/x509.pem |
|---|
| 18 | GnuTLSKeyFile authority/server/secret.key |
|---|
| 19 | GnuTLSPriorities NORMAL:-VERS-ALL:+VERS-TLS1.3 |
|---|
| 20 | </VirtualHost> |
|---|
Note: See
TracBrowser
for help on using the repository browser.
