Bugzilla – Bug 5967
-VERS-SSL3.0 in GnuTLS priority strings is redundant
Last modified: 2019-12-03 10:12:41
SSL3 is disabled by default in GnuTLS 3.4.0 and later. Therefore we no longer
need to explicitly include that in our default priority strings.
Seems to work well. The new default is just "NORMAL" and yet SSL 3 is still
rejected (tested with openssl s_client):
> 2019-12-02 10:01:43 ERROR tlwebadm: [::ffff:10.47.1.240] gnutls_handshake: A packet with illegal or unsupported version was received.
Note though that migrating configuration will leave the old value in place. It
doesn't seem to do any damage though. No warnings in the logs, and SSL 3 is
Tested on RHEL 8.
Verified with 'openssl s_client' using Fedora 30 client/server. It gives the
same output in the tlwebadm.log:
> 2019-12-02 16:18:10 ERROR tlwebadm: [::1] gnutls_handshake: A packet with illegal or unsupported version was received.
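
An added example, not part of the bug report or the project's own code: a check for migrated configurations that still carry the old priority string. It drops the now-redundant `-VERS-SSL3.0` token and flags any string that explicitly re-enables SSL 3. The function name `audit_priority` and the sample strings are assumptions made for illustration.

```python
# Tokens that only remove SSL 3.0; redundant on GnuTLS 3.4.0 and later,
# where SSL 3.0 is already disabled by default. GnuTLS accepts both '-'
# and '!' as the removal prefix.
REDUNDANT = {"-VERS-SSL3.0", "!VERS-SSL3.0"}
# Token that explicitly turns SSL 3.0 back on.
ENABLES_SSL3 = "+VERS-SSL3.0"


def audit_priority(priority, default="NORMAL"):
    """Audit one GnuTLS priority string taken from a migrated config.

    Returns a dict with:
      cleaned      - the string without redundant SSL 3.0 removals
      redundant    - True if such a removal token was present
      enables_ssl3 - True if the string explicitly re-enables SSL 3.0
    """
    tokens = [t for t in priority.strip().split(":") if t]
    kept = [t for t in tokens if t not in REDUNDANT]
    return {
        # Fall back to the default if nothing else was configured.
        "cleaned": ":".join(kept) or default,
        "redundant": len(kept) != len(tokens),
        "enables_ssl3": ENABLES_SSL3 in kept,
    }


if __name__ == "__main__":
    # Constructed sample values, as they might appear after a migration.
    samples = [
        "NORMAL:-VERS-SSL3.0",
        "NORMAL",
        "NORMAL:+VERS-SSL3.0",
    ]
    for s in samples:
        print(s, "->", audit_priority(s))
```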