From 421bad90160111f2470565540db237351b5a3963 Mon Sep 17 00:00:00 2001 From: Nokis Mavrogiannopoulos Date: Sun, 2 Dec 2007 16:17:54 +0000 Subject: The compatibility mode can now be enabled only using the GnuTLSPriorities string. --- NEWS | 5 ++++- src/gnutls_hooks.c | 5 ----- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index 30f67e4..5d67da5 100644 --- a/NEWS +++ b/NEWS @@ -4,4 +4,7 @@ Only one per certificate is supported. - New enviroment variables: SSL_CLIENT_M_VERSION, SSL_CLIENT_S_SAN%, -SSL_CLIENT_S_TYPE, SSL_SERVER_M_VERSION, SSL_SERVER_S_SAN%, SSL_SERVER_S_TYPE \ No newline at end of file +SSL_CLIENT_S_TYPE, SSL_SERVER_M_VERSION, SSL_SERVER_S_SAN%, SSL_SERVER_S_TYPE + +- The compatibility mode can now be enabled explicitely with the +%COMPAT keyword at the GnuTLSPriorities string. It is no longer the default. diff --git a/src/gnutls_hooks.c b/src/gnutls_hooks.c index 1af82a7..e3edba2 100644 --- a/src/gnutls_hooks.c +++ b/src/gnutls_hooks.c @@ -631,11 +631,6 @@ static mgs_handle_t *create_gnutls_handle(apr_pool_t * pool, conn_rec * c) gnutls_init(&ctxt->session, GNUTLS_SERVER); - /* This is not very good as it trades security for compatibility, - * but it is the only way to be ultra-portable. - */ - gnutls_session_enable_compatibility_mode(ctxt->session); - /* because we don't set any default priorities here (we set later at * the user hello callback) we need to at least set this in order for * gnutls to be able to read packets. -- cgit