author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-07-19 15:52:26 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2018-08-03 09:18:17 +0200 |
commit | d47111032f5b20eed70093d988741da5d0e69952 (patch) | |
tree | db725ee0bf90d5d500a45c681bb07445574a8b86 /NEWS | |
parent | 5b9c6c93c680fdfa63b2854741d446ff50002510 (diff) | |
download | gnutls-d47111032f5b20eed70093d988741da5d0e69952.tar.gz |
tls1.3: server returns early on handshake when no cert is provided by client
Under TLS1.3 the server knows the negotiated keys early, if no client
certificate is sent. In that case, the server is not only able to
transmit the session ticket immediately after its finished message,
but is also able to transmit data, similarly to false start.
Resolves #481
Resolves #457
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -11,8 +11,12 @@ See the end for copying conditions. gnutls_certificate_set_retrieve_function() which could not handle the case where no certificates were returned, or the callbacks were set to NULL (see #528). +** libgnutls: gnutls_handshake() on server returns early on handshake when no + certificate is presented by client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START + is specified. + ** API and ABI modifications: -No changes since last version. +GNUTLS_ENABLE_EARLY_START: Added * Version 3.6.3 (released 2018-07-16) |
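Review bot: The added NEWS entry for gnutls_handshake() does not say that the early return applies only to TLS 1.3 sessions, and it does not say what the early return means for the caller. The commit message covers both points: the keys are known early "Under TLS1.3", and the server is then able to transmit data "similarly to false start". Suggest carrying that into the entry, for example "under TLS 1.3, gnutls_handshake() on the server returns early when no certificate is presented by the client and the gnutls_init() flag GNUTLS_ENABLE_EARLY_START is specified; the application can then send data before the handshake has fully completed", so that anyone enabling the flag knows application data may be written at that point. In the "API and ABI modifications" section, "GNUTLS_ENABLE_EARLY_START: Added" would be clearer if it said that this is a gnutls_init() flag.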