summaryrefslogtreecommitdiffstatsabout
diff options
context:
space:
mode:
authorNokis Mavrogiannopoulos <nmav@gnutls.org>2007-12-02 16:17:54 (GMT)
committer Nokis Mavrogiannopoulos <nmav@gnutls.org>2007-12-02 16:17:54 (GMT)
commit421bad90160111f2470565540db237351b5a3963 (patch)
tree9733d13336bb367846a3f1bf1d16b59ea2a16820
parentd51667e406c2099865a4eec366fdab9d4578b683 (diff)
The compatibility mode can now be enabled only using the GnuTLSPriorities string.
-rw-r--r--NEWS5
-rw-r--r--src/gnutls_hooks.c5
2 files changed, 4 insertions, 6 deletions
diff --git a/NEWS b/NEWS
index 30f67e4..5d67da5 100644
--- a/NEWS
+++ b/NEWS
@@ -4,4 +4,7 @@
4Only one per certificate is supported. 4Only one per certificate is supported.
5 5
6- New enviroment variables: SSL_CLIENT_M_VERSION, SSL_CLIENT_S_SAN%, 6- New enviroment variables: SSL_CLIENT_M_VERSION, SSL_CLIENT_S_SAN%,
7SSL_CLIENT_S_TYPE, SSL_SERVER_M_VERSION, SSL_SERVER_S_SAN%, SSL_SERVER_S_TYPE \ No newline at end of file 7SSL_CLIENT_S_TYPE, SSL_SERVER_M_VERSION, SSL_SERVER_S_SAN%, SSL_SERVER_S_TYPE
8
9- The compatibility mode can now be enabled explicitely with the
10%COMPAT keyword at the GnuTLSPriorities string. It is no longer the default.
diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c
index 1af82a7..e3edba2 100644
--- a/src/gnutls_hooks.c
+++ b/src/gnutls_hooks.c
@@ -631,11 +631,6 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c)
631 631
632 gnutls_init(&ctxt->session, GNUTLS_SERVER); 632 gnutls_init(&ctxt->session, GNUTLS_SERVER);
633 633
634 /* This is not very good as it trades security for compatibility,
635 * but it is the only way to be ultra-portable.
636 */
637 gnutls_session_enable_compatibility_mode(ctxt->session);
638
639 /* because we don't set any default priorities here (we set later at 634 /* because we don't set any default priorities here (we set later at
640 * the user hello callback) we need to at least set this in order for 635 * the user hello callback) we need to at least set this in order for
641 * gnutls to be able to read packets. 636 * gnutls to be able to read packets.