
[SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-7-gc3e141a


From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, master, updated. gnutls_2_11_4-7-gc3e141a
Date: Mon, 01 Nov 2010 12:24:43 +0000

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".

http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=c3e141ad51683f2af117c3082721b34f09b2d40f

The branch, master has been updated
       via  c3e141ad51683f2af117c3082721b34f09b2d40f (commit)
       via  0e4871de18409afad104eb35b23dfa6bf95d09e2 (commit)
      from  773e90912fe1667cff667bbe1be3a04a25572da4 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit c3e141ad51683f2af117c3082721b34f09b2d40f
Author: Nikos Mavrogiannopoulos <address@hidden>
Date:   Mon Nov 1 13:24:20 2010 +0100

    use @code for SAFE_RENEGOTIATION string.

commit 0e4871de18409afad104eb35b23dfa6bf95d09e2
Author: Simon Josefsson <address@hidden>
Date:   Mon Jun 7 16:12:11 2010 +0200

    Doc fix.

-----------------------------------------------------------------------

Summary of changes:
 doc/cha-intro-tls.texi |    2 +-
 lib/gnutls_priority.c  |   34 ++++++++++++++++++++--------------
 2 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 2ab1b42..3232958 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -719,7 +719,7 @@ the majority of deployed servers out there.  We will 
reconsider this
 default behaviour in the future when more servers have been upgraded.
 Note that it is easy to configure clients to always require the safe
 renegotiation extension from servers (see below on the
-%SAFE_RENEGOTIATION priority string).
address@hidden priority string).
 
 To modify the default behaviour, we have introduced some new priority
 strings.  The priority strings can be used by applications
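Review bot: the added line in this hunk reads `address@hidden priority string).`, which is the mailing-list archive's address obfuscation applied to the Texinfo `@code{...}` markup that the commit message ("use @code for SAFE_RENEGOTIATION string") describes, so the replacement text for `%SAFE_RENEGOTIATION` cannot be checked from the archived hunk; verify against the cgit link in the header that the new line actually reads `@code{%SAFE_RENEGOTIATION} priority string).` and that the closing brace was not dropped, since an unbalanced `@code{` breaks the Texinfo build.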
diff --git a/lib/gnutls_priority.c b/lib/gnutls_priority.c
index 3a17527..d7c6831 100644
--- a/lib/gnutls_priority.c
+++ b/lib/gnutls_priority.c
@@ -520,20 +520,26 @@ gnutls_priority_set (gnutls_session_t session, 
gnutls_priority_t priority)
  *
  * "%COMPAT" will enable compatibility features for a server.
  *
- * "%DISABLE_SAFE_RENEGOTIATION" will disable safe renegotiation completely. 
Do not use
- * unless you know what you are doing. Testing purposes only.
- *
- * "%UNSAFE_RENEGOTIATION" will allow unsafe renegotiation (this is now
- * the default for clients, but will change once more servers support the safe 
renegotiation
- * TLS fix).
- *
- * "%PARTIAL_SAFE_RENEGOTIATION" In server side it will enable safe 
renegotiation
- * and will protect all clients from known attacks, but will not prevent 
insecure clients
- * from connecting. In client side it will disallow from renegotiating with an 
insecure server
- * but will not prevent connecting to one (this leaves the client vulnerable 
to attacks).
- *
- * "%SAFE_RENEGOTIATION" will enforce safe renegotiation. Clients and Servers 
will refuse
- * to talk to an insecure peer.
+ * "%DISABLE_SAFE_RENEGOTIATION" will disable safe renegotiation
+ * completely.  Do not use unless you know what you are doing.
+ * Testing purposes only.
+ *
+ * "%UNSAFE_RENEGOTIATION" will allow handshakes and rehandshakes
+ * without the safe renegotiation extension.  Note that for clients
+ * this mode is insecure (you may be under attack), and for servers it
+ * will allow insecure clients to connect (which could be fooled by an
+ * attacker).  Do not use unless you know what you are doing and want
+ * maximum compatibility.
+ *
+ * "%PARTIAL_RENEGOTIATION" will allow initial handshakes to proceed,
+ * but not rehandshakes.  This leaves the client vulnerable to attack,
+ * and servers will be compatible with non-upgraded clients for
+ * initial handshakes.  This is currently the default for clients and
+ * servers, for compatibility reasons.
+ *
+ * "%SAFE_RENEGOTIATION" will enforce safe renegotiation.  Clients and
+ * servers will refuse to talk to an insecure peer.  Currently this
+ * causes operability problems, but is required for full protection.
  *
  * "%SSL3_RECORD_VERSION" will use SSL3.0 record version in client hello.
  *
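Review bot: this hunk renames a documented priority string from `%PARTIAL_SAFE_RENEGOTIATION` to `%PARTIAL_RENEGOTIATION` while touching only the comment block (the summary shows no change outside these 34 lines of `lib/gnutls_priority.c`), so confirm that the keyword the parser in this file actually matches is `%PARTIAL_RENEGOTIATION`; otherwise the API documentation generated from this comment now names a string that `gnutls_priority_init()` will reject. The hunk also changes the stated default: the removed text says `%UNSAFE_RENEGOTIATION` "is now the default for clients", while the added text says `%PARTIAL_RENEGOTIATION` "is currently the default for clients and servers". Only one of these can be true of the code, so the note on the default should be checked against the actual initialisation path, and `doc/cha-intro-tls.texi` (the "default behaviour" paragraph in the first hunk) should be kept in agreement with whichever it is, since users reading "partial" as the default will expect rehandshakes to be refused by default.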


hooks/post-receive
-- 
GNU gnutls


