author | Daiki Ueno <dueno@redhat.com> | 2019-09-26 16:45:25 +0200 |
---|---|---|
committer | Daiki Ueno <dueno@redhat.com> | 2019-09-27 10:14:53 +0200 |
commit | 3fd28f9a400f371291c05c89b5b8014cebd2d315 (patch) | |
tree | c45f8d4a3196caa7865be54828c3f00ba538045d /tests/version-checks.c | |
parent | 0bb87a8712d48a0e0c3cf97c7ca7830603b91176 (diff) | |
download | gnutls-3fd28f9a400f371291c05c89b5b8014cebd2d315.tar.gz |
ext/supported_versions: reorder client precedence if necessary

If the client advertises TLS < 1.2 before TLS 1.3 and the server is
configured with TLS 1.3 enabled, the server should select TLS 1.3;
otherwise the client will disconnect when seeing downgrade sentinel.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Diffstat (limited to 'tests/version-checks.c')
-rw-r--r-- | tests/version-checks.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/version-checks.c b/tests/version-checks.c index 4f9bac2261..2b6badff17 100644 --- a/tests/version-checks.c +++ b/tests/version-checks.c @@ -171,6 +171,13 @@ void doit(void) reset_buffers(); try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3:+VERS-TLS1.2", GNUTLS_TLS1_3); reset_buffers(); + /* If TLS 1.3 is enabled in the server, prefer the latest + * possible version regardless of the client's precedence. + * See https://gitlab.com/gnutls/gnutls/issues/837 for the + * rationale. + */ + try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.3", GNUTLS_TLS1_3); + reset_buffers(); #ifdef ENABLE_SSL3 try("NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0", -1); reset_buffers(); |
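Review bot: The added case in doit() only exercises TLS 1.2 listed ahead of TLS 1.3 (`+VERS-TLS1.2:+VERS-TLS1.3`), while the commit message describes a client advertising TLS < 1.2 before TLS 1.3. Consider adding a second case with an older version placed first, for example `try("NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1:+VERS-TLS1.3", GNUTLS_TLS1_3);` followed by `reset_buffers();`, so the reordering is covered for the situation the message names as well as for TLS 1.2. The new comment could also say which side of the handshake the priority string passed to try() configures, since the text talks about the server's setting and the client's precedence but the call takes a single string, and a reader of this hunk cannot tell which peer is being given the reversed order.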