Skip to content
Snippets Groups Projects
Commit ab03ab13 authored by Oto Šťáva's avatar Oto Šťáva
Browse files

fixup! daemon/tls: use GNUTLS_NO_TICKETS_TLS12

parent 9ac7dccc
No related merge requests found
Pipeline #98989 canceled with stages
in 18 minutes and 27 seconds
This commit is part of merge request !1295. Comments created here will be created in the context of that merge request.
Hide whitespace changes
Inline Side-by-side
daemon/bindings/net_tlssrv.rst
+ 2
2
View file @ ab03ab13
......@@ -121,10 +121,10 @@ by a trusted CA. This is done using function :c:func:`net.tls()`.
`secret leaks eventually <pfs_>`_.
.. warning:: **Setting the secret is probably too risky with TLS <= 1.2 and
GnuTLS < 3.6.5**. GnuTLS 3.6.5 adds an option to disable resumption via
GnuTLS < 3.7.5**. GnuTLS 3.7.5 adds an option to disable resumption via
tickets for TLS <= 1.2, enabling them only for protocols that do guarantee
`PFS <pfs_>`_. Knot Resolver makes use of this new option when linked
against GnuTLS >= 3.6.5.
against GnuTLS >= 3.7.5.
.. function:: net.tls_sticket_secret_file([string with path to a file containing pre-shared secret])
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment