(Sending again because the first time isn't showing up in the mailing list archives/I'm not sure if it successfully went through)

I've started using TLS1.3 certificates for my self-signed
infrastructure, so I wanted to be able to do so with NBD as well.
Assuming I'm understanding the nbd code and the gnutls code, this is no
problem on the server-side, because the GNUTLS priority string can be
provided there; but in the client, it appears to be hard-coded to TLS1.2
(the %SERVER_PRECEDENCE directive on the server-side [again, assuming
I'm understanding things correctly] only applies to the cipher-set: not
the TLS version). So this patch introduces a parallel command-line
option to specify a GNUTLS priority-string for the client as well.

I'm not 100% sure it's correct: I'm only providing the code because I think
it's easier to discuss what the issue & fix are if there's actual
code to examine.

I initially ran into this issue when I
created TLS1.3 CA/client/server certs, and got TLS errors running NBD; I
then experimented with the nbd-client executable by `sed`-ing it to
replace the PRIORITY string `1.2` with `1.3` in the binary itself, and
was then able to successfully connect; so I figured it would be better
to offer a parallel option (like the server-side) than to change the
hard-coded string in the code-base, or only add a tls-version
command-line option.

PR below, please let me know what you think:
https://github.com/NetworkBlockDevice/nbd/pull/152