[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_9_10-74-g41467
From: |
Simon Josefsson |
Subject: |
[SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_9_10-74-g4146721 |
Date: |
Mon, 07 Jun 2010 14:12:15 +0000 |
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=414672179d60a511332421dc85df833fbe46b292
The branch, gnutls_2_10_x has been updated
via 414672179d60a511332421dc85df833fbe46b292 (commit)
from c85bff2e336eeda70a4312d1296dd12568cda0c9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 414672179d60a511332421dc85df833fbe46b292
Author: Simon Josefsson <address@hidden>
Date: Mon Jun 7 16:12:11 2010 +0200
Doc fix.
-----------------------------------------------------------------------
Summary of changes:
lib/gnutls_priority.c | 35 +++++++++++++++++++----------------
1 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 7e71468..09eb5ec 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -523,22 +523,25 @@ gnutls_priority_set (gnutls_session_t session,
gnutls_priority_t priority)
* "%COMPAT" will enable compatibility features for a server.
*
* "%DISABLE_SAFE_RENEGOTIATION" will disable safe renegotiation
- * completely. Do not use unless you know what you are doing. Testing
- * purposes only.
- *
- * "%UNSAFE_RENEGOTIATION" will allow unsafe renegotiation (this is
- * now the default for clients, but will change once more servers
- * support the safe renegotiation TLS fix).
- *
- * "%PARTIAL_SAFE_RENEGOTIATION" In server side it will enable safe
- * renegotiation and will protect all clients from known attacks, but
- * will not prevent insecure clients from connecting. In client side
- * it will disallow from renegotiating with an insecure server but
- * will not prevent connecting to one (this leaves the client
- * vulnerable to attacks).
- *
- * "%SAFE_RENEGOTIATION" will enforce safe renegotiation. Clients and
- * Servers will refuse to talk to an insecure peer.
+ * completely. Do not use unless you know what you are doing.
+ * Testing purposes only.
+ *
+ * "%UNSAFE_RENEGOTIATION" will allow handshakes and rehandshakes
+ * without the safe renegotiation extension. Note that for clients
+ * this mode is insecure (you may be under attack), and for servers it
+ * will allow insecure clients to connect (which could be fooled by an
+ * attacker). Do not use unless you know what you are doing and want
+ * maximum compatibility.
+ *
+ * "%PARTIAL_RENEGOTIATION" will allow initial handshakes to proceed,
+ * but not rehandshakes. This leaves the client vulnerable to attack,
+ * and servers will be compatible with non-upgraded clients for
+ * initial handshakes. This is currently the default for clients and
+ * servers, for compatibility reasons.
+ *
+ * "%SAFE_RENEGOTIATION" will enforce safe renegotiation. Clients and
+ * servers will refuse to talk to an insecure peer. Currently this
+ * causes operability problems, but is required for full protection.
*
* "%SSL3_RECORD_VERSION" will use SSL3.0 record version in client
* hello.
hooks/post-receive
--
GNU gnutls
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [SCM] GNU gnutls branch, gnutls_2_10_x, updated. gnutls_2_9_10-74-g4146721,
Simon Josefsson <=