On Tue, Aug 02, 2016 at 02:56:26PM +0000, Olivier BONHOMME wrote:
> Hello Tom,
>
> It's indeed an interesting way. I didn't think about something just disabled. I
> browsed the gnutls rpm changelog and I saw this:
>
> * Thu May 3 2012 Tomas Mraz <tmraz at redhat.com> 2.8.5-7
> - more TLS-1.2 compatibility fixes (TLS-1.2 stays disabled by default)
>
> So TLS 1.2 seems there but disabled by default: So maybe lftp can't use it
> because it can't force it.
>
> I tried browsing the code and RPM patches but I was unable to find where this
> disable thing is.
>
> Does anybody have an idea?

Hello guys,

I think I found something. If we look into the upstream source provided in the
GNUTLS SRPM, we have in the file lib/gnutls_priority.c:

    static const int protocol_priority[] = {
      /* GNUTLS_TLS1_2, -- not finalized yet! */
      GNUTLS_TLS1_1,
      GNUTLS_TLS1_0,
      GNUTLS_SSL3,
      0
    };

So I guess that even if TLS1.2 is implemented in the CentOS version, the
default priority doesn't allow TLS1.2 to be used. And I think that lftp doesn't
allow forcing this priority, that's why I can't use TLS1.2 and only at least
TLS1.1.

So the question is: Can that behaviour be considered an lftp bug or not?

Regards,
Olivier