[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

How to reject SSL 3.0 on gnutls 2.12.6

From: volan shu
Subject: How to reject SSL 3.0 on gnutls 2.12.6
Date: Sun, 10 Jul 2011 18:11:59 +0800

Hi there,

I met some issues when using gnutls APIs to setup my server to reject SSL 3.0 requests using "-VERS-SSL3.0". ( My whole priority string is "PERFORMANCE:!ARCFOUR-128:!
ARCFOUR-40:-VERS-SSL3.0:%DISABLE_SAFE_RENEGOTIATION".) As in the wireshark capture, I found the handshake was kept on going without a handshake failure alert to be sent to client on gnutls 2.12.6.

So I have to planning to use gnutls_certificate_set_retrieve_function in my server to set a callback function who can be used to check the SSL version carried by Client Hello in order for server to reject the SSL3.0 request other than to accept it. But in my call back function, I can't retrieve the X.509 certificate and private key using gnutls_session_t as the index after I searched the gnutls APIs description at and the all the examples included.

Would you know how can I specify  the priority string or how can I achieve this using this callback function or any other alternative can be used instead?

Many thanks,


reply via email to

[Prev in Thread] Current Thread [Next in Thread]