[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The netsec thread

From: Paul Eggert
Subject: Re: The netsec thread
Date: Tue, 3 Sep 2019 12:20:27 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0

Robert Pluim wrote:
The only code that cares is NSM, which can be fixed, and itʼs easy
enough to remove as well. The GNUTLS_TLS1_3 define was added in GnuTLS
3.6.3, so we can check for the version if you prefer.

Checking for GNUTLS_TLS1_3 sounds fine (in fact, a bit better). We can make the code a bit faster/clearer by not calling gnutls_protocol_get_version twice. Also, it's better to not intertwine ifdefs with ifs. So, something like the attached patch perhaps? Though I didn't install it because NSM needs to be changed too and I'm not sure what you were thinking of there.

Attachment: 0001-Don-t-mention-safe-renegotiation-in-TLS-1.3.patch
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]