diff options
author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-02-02 09:13:40 +0100 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2019-02-06 12:52:41 +0100 |
commit | aaf286293050a4a2dbcd98d9eb2d69eca99c502a (patch) | |
tree | b8e74a52a784152ebc2d733f999e66add9e30bb7 /NEWS | |
parent | daf6650142f63c0f602b99c92ba941ff1d9f851c (diff) | |
download | gnutls-aaf286293050a4a2dbcd98d9eb2d69eca99c502a.tar.gz |
Fallback to TLS 1.2 when incompatible with signature certs are provided
This only takes into account certificates in the credentials structure.
If certificates are provided in a callback, these must be checked by
the provider. For that we assume that the credentials structure is
filled when associated with a session; if not then the fallback mechanism
will not work and the handshake will fail.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -9,7 +9,9 @@ See the end for copying conditions. ** libgnutls: enforce key usage limitations on certificates more actively. Previously we would enforce it for TLS1.2 protocol, now we enforce it - even when TLS1.3 is negotiated, or on client certificates as well (#690). + even when TLS1.3 is negotiated, or on client certificates as well. When + an inappropriate for TLS1.3 certificate is seen on the credentials structure + GnuTLS will disable TLS1.3 support for that session (#690). ** API and ABI modifications: No changes since last version. |