Changeset 1d62f86 in mod_gnutls


Ignore:
Timestamp:
Aug 24, 2020, 5:37:01 PM (11 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio, master
Children:
db76dd9
Parents:
ec26b87
Message:

Use -VERS-ALL instead of -VERS-TLS-ALL

There was a bug in GnuTLS where leaving DTLS versions (which are
present in NORMAL) enabled could lead to a disabled TLS version being
accepted: https://gitlab.com/gnutls/gnutls/-/issues/1054

This has been fixed in the GnuTLS git repository (see
https://gitlab.com/gnutls/gnutls/-/merge_requests/1309), but there's
no release with the fix yet. I was testing with a local development
build so -VERS-TLS-ALL worked as it should, but the current distro
versions don't have the fix, so -VERS-ALL is needed.

Location:
test/tests/01_priorities_config
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • test/tests/01_priorities_config/apache.conf

    rec26b87 r1d62f86  
    1717    GnuTLSCertificateFile       authority/server/x509.pem
    1818    GnuTLSKeyFile               authority/server/secret.key
    19     GnuTLSPriorities            NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3
     19    GnuTLSPriorities            NORMAL:-VERS-ALL:+VERS-TLS1.3
    2020</VirtualHost>
  • test/tests/01_priorities_config/test.yml

    rec26b87 r1d62f86  
    2020  gnutls_params:
    2121    - x509cafile=authority/x509.pem
    22     - priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3
     22    - priority=NORMAL:-VERS-ALL:+VERS-TLS1.3
    2323  actions:
    2424    - !request
     
    3434    - x509cafile=authority/x509.pem
    3535    - sni-hostname=test.example.com
    36     - priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3
     36    - priority=NORMAL:-VERS-ALL:+VERS-TLS1.3
    3737  actions:
    3838    - !request
     
    5353    - x509cafile=authority/x509.pem
    5454    - sni-hostname=test.example.com
    55     - priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2
     55    - priority=NORMAL:-VERS-ALL:+VERS-TLS1.2
    5656  actions:
    5757    - !request
Note: See TracChangeset for help on using the changeset viewer.