[SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_4-8-g5aa431
From: Nikos Mavrogiannopoulos
Subject: [SCM] GNU gnutls branch, gnutls_2_12_x, updated. gnutls_2_12_4-8-g5aa4315
Date: Sun, 08 May 2011 08:02:37 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU gnutls".
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=5aa43158e3eb23c56279ecb03522925c1435e9c2
The branch, gnutls_2_12_x has been updated
via 5aa43158e3eb23c56279ecb03522925c1435e9c2 (commit)
from fe8358fb8eca64a61b225416847e79af75c4e0a9 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 5aa43158e3eb23c56279ecb03522925c1435e9c2
Author: Nikos Mavrogiannopoulos <address@hidden>
Date: Sun May 8 10:02:33 2011 +0200
restructuring of nodes.
-----------------------------------------------------------------------
Summary of changes:
doc/cha-intro-tls.texi | 24 ++++++++++++++++++++----
1 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/doc/cha-intro-tls.texi b/doc/cha-intro-tls.texi
index 31fe49a..e15dbd5 100644
--- a/doc/cha-intro-tls.texi
+++ b/doc/cha-intro-tls.texi
@@ -349,6 +349,16 @@ To set whether client certificate is required or not.
To initiate the handshake.
@end table
address@hidden
+* TLS Cipher Suites:: TLS session parameters.
+* Priority Strings:: Defining how parameters are negotiated.
+* Client Authentication:: Requesting a certificate from the client.
+* Resuming Sessions:: Reusing previously established keys.
+* Resuming Internals:: More information on reusing previously
established keys.
+* Compatibility Issues:: Issues on compatibility with other
implementations.
address@hidden menu
+
address@hidden TLS Cipher Suites
@subsection TLS Cipher Suites
The Handshake Protocol of @acronym{TLS} negotiates cipher suites of
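Review bot: in the new menu, the descriptions for "Resuming Sessions" ("Reusing previously established keys.") and "Resuming Internals" ("More information on reusing previously established keys.") are nearly identical, so a reader cannot tell which entry to follow. Describe the second entry by what its subsection covers; its text opens with the resuming capability "mostly in the server side" and points to gnutls_db_check_entry, so something along the lines of server-side session storage would distinguish it.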
@@ -376,8 +386,9 @@ that you consider weak.
All the supported ciphersuites are shown in @ref{ciphersuites}.
address@hidden Priority strings
address@hidden Priority strings
address@hidden Priority Strings
address@hidden Priority Strings
+
In order to specify cipher suite preferences, the
previously shown priority functions accept a string
that specifies the algorithms to be enabled in a TLS handshake.
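Review bot: renaming the node from "Priority strings" to "Priority Strings" changes a cross-reference target, and Texinfo node names are case-sensitive. The summary shows only doc/cha-intro-tls.texi changed and a single @ref{Priority strings} updated in it, so the other files of the manual should be checked for references to the old spelling, which would otherwise be left pointing at a node that no longer exists.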
@@ -525,6 +536,7 @@ will allow V1 CAs in chains.
@end table
address@hidden Client Authentication
@subsection Client Authentication
@cindex Client Certificate authentication
@@ -546,6 +558,7 @@ Sending of the names of the CAs can be controlled using
@ref{gnutls_certificate_send_x509_rdn_sequence}. The client, then, may
send a certificate, signed by one of the server's acceptable signers.
address@hidden Resuming Sessions
@subsection Resuming Sessions
@anchor{resume}
@cindex Resuming sessions
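Review bot: the line added above "@subsection Resuming Sessions" gives this subsection a node name while the existing @anchor{resume} stays directly below it, so the same place now has two cross-reference targets. If the anchor is kept only so that existing @ref{resume} uses continue to resolve, say so in the commit message; otherwise move those references to the node name and drop the anchor in a follow-up.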
@@ -564,6 +577,7 @@ reasons, thus it may be normal for a server not to resume a
session
even if you requested that. Also note that you must enable, using the
priority functions, at least the algorithms used in the last session.
address@hidden Resuming Internals
@subsection Resuming Internals
The resuming capability, mostly in the server side, is one of the
@@ -603,7 +617,9 @@ It might also be useful to be able to check for expired
sessions in
order to remove them, and save space. The function
@ref{gnutls_db_check_entry} is provided for that reason.
address@hidden Compatibility issues
address@hidden Compatibility Issues
address@hidden Compatibility Issues
+
The @acronym{TLS} handshake is a complex procedure that negotiates all
required parameters for a secure session. @acronym{GnuTLS} supports
several @acronym{TLS} extensions, as well as the latest known published
@@ -617,7 +633,7 @@ Because there is no way to handle maximum compatibility
with such broken peers
without sacrificing security, @acronym{GnuTLS} ignores such peers by default.
This might not be acceptable in several cases
thus we allow enabling maximum compatibility with such peers using
-priority strings (see @ref{Priority strings}). An example priority string that
will
+priority strings (see @ref{Priority Strings}). An example priority string that
will
disable all supported @acronym{TLS} protocol versions except for
the widely supported @acronym{SSL} 3.0 and @acronym{TLS} 1.0
is shown below:
hooks/post-receive
--
GNU gnutls