From: Paul Eggert
Subject: Re: The netsec thread
Date: Tue, 3 Sep 2019 12:20:27 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0

Robert Pluim wrote:
> The only code that cares is NSM, which can be fixed, and itʼs easy enough to remove as well. The GNUTLS_TLS1_3 define was added in GnuTLS 3.6.3, so we can check for the version if you prefer.

Checking for GNUTLS_TLS1_3 sounds fine (in fact, a bit better). We can make the code a bit faster/clearer by not calling gnutls_protocol_get_version twice. Also, it's better to not intertwine ifdefs with ifs. So, something like the attached patch perhaps? Though I didn't install it because NSM needs to be changed too and I'm not sure what you were thinking of there.
0001-Don-t-mention-safe-renegotiation-in-TLS-1.3.patch