[SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-7-gc3e141a
From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-7-gc3e141a
Date: Mon, 01 Nov 2010 12:24:43 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=c3e141ad51683f2af117c3082721b34f09b2d40f
The branch, master has been updated
via c3e141ad51683f2af117c3082721b34f09b2d40f (commit)
via 0e4871de18409afad104eb35b23dfa6bf95d09e2 (commit)
from 773e90912fe1667cff667bbe1be3a04a25572da4 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c3e141ad51683f2af117c3082721b34f09b2d40f
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Mon Nov 1 13:24:20 2010 +0100
use @code for SAFE_RENEGOTIATION string.
commit 0e4871de18409afad104eb35b23dfa6bf95d09e2
Author: Simon Josefsson <address@hidden>
Date: Mon Jun 7 16:12:11 2010 +0200
Doc fix.
-----------------------------------------------------------------------
Summary of changes:
doc/cha-intro-tls.texi | 2 +-
lib/gnutls_priority.c | 34 ++++++++++++++++++++--------------
2 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 2ab1b42..3232958 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -719,7 +719,7 @@ the majority of deployed servers out there. We will
reconsider this
default behaviour in the future when more servers have been upgraded.
Note that it is easy to configure clients to always require the safe
renegotiation extension from servers (see below on the
-%SAFE_RENEGOTIATION priority string).
address@hidden priority string).
To modify the default behaviour, we have introduced some new priority
strings. The priority strings can be used by applications
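Review bot: the replacement line in this hunk at line 719 of doc/cha-intro-tls.texi reads "address@hidden priority string)." in this copy, with no leading "+" and no visible markup, so the @code change named in the commit message cannot be checked from the hunk as shown. Please confirm against the commit itself that the line still names %SAFE_RENEGOTIATION inside the @code markup and that the sentence still closes its parenthesis. Since the surrounding paragraph tells readers this string is how a client requires the safe renegotiation extension from servers, it would also help to use the same markup wherever the other priority strings are mentioned in this chapter, so readers can tell at a glance which tokens are literal.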
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 3a17527..d7c6831 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -520,20 +520,26 @@ gnutls_priority_set (gnutls_session_t session,
gnutls_priority_t priority)
*
* "%COMPAT" will enable compatibility features for a server.
*
- * "%DISABLE_SAFE_RENEGOTIATION" will disable safe renegotiation completely.
Do not use
- * unless you know what you are doing. Testing purposes only.
- *
- * "%UNSAFE_RENEGOTIATION" will allow unsafe renegotiation (this is now
- * the default for clients, but will change once more servers support the safe
renegotiation
- * TLS fix).
- *
- * "%PARTIAL_SAFE_RENEGOTIATION" In server side it will enable safe
renegotiation
- * and will protect all clients from known attacks, but will not prevent
insecure clients
- * from connecting. In client side it will disallow from renegotiating with an
insecure server
- * but will not prevent connecting to one (this leaves the client vulnerable
to attacks).
- *
- * "%SAFE_RENEGOTIATION" will enforce safe renegotiation. Clients and Servers
will refuse
- * to talk to an insecure peer.
+ * "%DISABLE_SAFE_RENEGOTIATION" will disable safe renegotiation
+ * completely. Do not use unless you know what you are doing.
+ * Testing purposes only.
+ *
+ * "%UNSAFE_RENEGOTIATION" will allow handshakes and rehandshakes
+ * without the safe renegotiation extension. Note that for clients
+ * this mode is insecure (you may be under attack), and for servers it
+ * will allow insecure clients to connect (which could be fooled by an
+ * attacker). Do not use unless you know what you are doing and want
+ * maximum compatibility.
+ *
+ * "%PARTIAL_RENEGOTIATION" will allow initial handshakes to proceed,
+ * but not rehandshakes. This leaves the client vulnerable to attack,
+ * and servers will be compatible with non-upgraded clients for
+ * initial handshakes. This is currently the default for clients and
+ * servers, for compatibility reasons.
+ *
+ * "%SAFE_RENEGOTIATION" will enforce safe renegotiation. Clients and
+ * servers will refuse to talk to an insecure peer. Currently this
+ * causes operability problems, but is required for full protection.
*
* "%SSL3_RECORD_VERSION" will use SSL3.0 record version in client hello.
*
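Review bot: the comment block for gnutls_priority_set now documents "%PARTIAL_RENEGOTIATION" where the removed lines said "%PARTIAL_SAFE_RENEGOTIATION", but the hunk touches only comment lines, so nothing here shows that the priority-string parser accepts the new spelling. Please confirm the keyword matches what the code recognises, or note the old name as an alias if both are accepted; a user who copies a keyword from this comment that the parser does not recognise may not end up with the protection they asked for. The same applies to the statement about defaults: the removed text said %UNSAFE_RENEGOTIATION was the default for clients, the new text says %PARTIAL_RENEGOTIATION is the default for clients and servers, and that is a behavioural claim that should be checked against the code rather than carried in a commit titled "Doc fix." Finally, the new %PARTIAL_RENEGOTIATION paragraph says it "leaves the client vulnerable to attack" without saying why; the removed wording explained that the client will still connect to an insecure server, and keeping that explanation would make the trade-off clearer.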
hooks/post-receive
--
GNU gnutls