help-gnutls
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Help-gnutls] Re: client certificate authentication


From: Simon Josefsson
Subject: [Help-gnutls] Re: client certificate authentication
Date: Sun, 01 Feb 2009 11:07:31 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.0.60 (gnu/linux)

Nikos Mavrogiannopoulos <address@hidden> writes:

> The attached patch tries stay on the safe side and don't try to upgrade
> the TLS version on a rehandshake. I'm not sure whether this is the right
> thing to do, although performing a rehandshake to upgrade the TLS
> version seems quite unlikely.

I suspect it will become more likely given TLS 1.1 and TLS 1.2: you may
want to try TLS 1.0 on initial handshake, and then want to attempt more
recent TLS versions to get more advanced features from the other end --
however I think we use the patch for now and revisit this if someone
runs into this limit in the future.

This seems like a protocol issue, so we could ask on the IETF list
too...

/Simon




reply via email to

[Prev in Thread] Current Thread [Next in Thread]