Commit 9e053207 authored by Guillaume Roguez

tls: revert anonymous certificate exchange

If an encrypted packet used during the encrypted
handshake steps to initialize a secure channel with a peer
is re-ordered due to the network, gnutls is not able to
process the handshake correctly.
This prevents any calls from being established
(the SIP channel goes over such a connection).

This patch reverts the anonymous handshake to leave only
the non-encrypted certificate exchange system.
This is less anonymous as certificates are exchanged in
plain-text format.

The revert consists of adding an option to enable or disable the
anonymous certificate exchange. This option is set to false
(non-enabled) by default.

Now, TLS 1.3 should resolve this situation.
So it's not a definitive patch.

Change-Id: I3214efae1b69e44967a67a628cc690d8e95c9e40
Tuleap: #572
parent 8ea35fbb