Ignore:
Timestamp:
Aug 24, 2020, 5:37:01 PM (13 months ago)
Author:
Fiona Klute <fiona.klute@…>
Branches:
asyncio, master
Children:
db76dd9
Parents:
ec26b87
Message:

Use -VERS-ALL instead of -VERS-TLS-ALL

There was a bug in GnuTLS where leaving DTLS versions (which are
present in NORMAL) enabled could lead to a disabled TLS version being
accepted: https://gitlab.com/gnutls/gnutls/-/issues/1054

This has been fixed in the GnuTLS git repository (see
https://gitlab.com/gnutls/gnutls/-/merge_requests/1309), but there's
no release with the fix yet. I was testing with a local development
build so -VERS-TLS-ALL worked as it should, but the current distro
versions don't have the fix, so -VERS-ALL is needed.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • test/tests/01_priorities_config/apache.conf

    rec26b87 r1d62f86  
    1717    GnuTLSCertificateFile       authority/server/x509.pem
    1818    GnuTLSKeyFile               authority/server/secret.key
    19     GnuTLSPriorities            NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3
     19    GnuTLSPriorities            NORMAL:-VERS-ALL:+VERS-TLS1.3
    2020</VirtualHost>
Note: See TracChangeset for help on using the changeset viewer.