[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Bug-wget] no post-handshake auth under gnutls
From: |
Tim Rühsen |
Subject: |
Re: [Bug-wget] no post-handshake auth under gnutls |
Date: |
Mon, 8 Oct 2018 15:57:36 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.0 |
Thanks, Nikos.
Slightly amended and pushed.
Regards, Tim
On 10/8/18 10:47 AM, Nikos Mavrogiannopoulos wrote:
> Hi,
> It seems that wget does not enable/use post-handshake authentication
> with gnutls when running under TLS1.3.
>
> The enabling of TLS1.3 although transparent for all uses cases, is not
> for the use case where the server allows a client to connect without
> certificate but requests authentication later after the location of
> access is known. Under TLS1.2 this was working via a re-handshake, but
> under TLS1.3 a client must enable and perform post-handshake
> authentication instead.
>
> A quick and dirty patch to demonstrate how to enable it, is attached.
> If you wait until gnutls 3.6.5, there may be a simpler way to enable
> it:
> https://gitlab.com/gnutls/gnutls/merge_requests/766
>
>
> More info at:
> https://nikmav.blogspot.com/2018/05/gnutls-and-tls-13.html
>
> regards,
> Nikos
>
signature.asc
Description: OpenPGP digital signature