Summary: -VERS-SSL3.0 in GnuTLS priority strings is redundant
Product: ThinLinc
Component: Other
Reporter: Pierre Ossman <ossman>
Assignee: Pierre Ossman <ossman>

Description Pierre Ossman 2016-08-29 20:18:28 CEST
SSL3 is disabled by default in GnuTLS 3.4.0 and later. Therefore we no longer need to explicitly include that in our default priority strings.
Comment 4 Pierre Ossman 2019-12-02 10:05:06 CET
Seems to work well. The new default is just "NORMAL" and yet SSL 3 is still rejected (tested with openssl s_client):

> 2019-12-02 10:01:43 ERROR tlwebadm: [::ffff:10.47.1.240] gnutls_handshake: A packet with illegal or unsupported version was received.

Note though that migrating configuration will leave the old value in place. It doesn't seem to do any damage though. No warnings in the logs, and SSL 3 is still disabled.

Tested on RHEL 8.

Comment 5 Niko Lehto 2019-12-02 16:53:33 CET
Verified with 'openssl s_client' using Fedora 30 client/server. It gives the same output in the tlwebadm.log:

> 2019-12-02 16:18:10 ERROR tlwebadm: [::1] gnutls_handshake: A packet with illegal or unsupported version was received.