[gnutls-dev] GNUTLS_E_INTERNAL_ERROR in _gnutls_ciphertext2compressed

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat Nov 17 11:26:52 CET 2007


On Friday 16 November 2007, Ludovic Courtès wrote:
> Hi,
>
> Nikos Mavrogiannopoulos <nmav at gnutls.org> writes:
> > Then it might be another kind of bug. However I'd suggest that you try
> > connecting to the most recent server (2.1.6). If that fails too could you
> > try different protocols (TLS 1.0 - SSL 3.0) and different algorithms (AES
> > - ARCFOUR would be enough) at your connection and see which ones fail?
>
> It appears that `DHE_DSS_3DES_EDE_CBC_SHA1' works fine while
> `DHE_DSS_AES_128_CBC_SHA1' doesn't ("Decryption failed" on the server
> side right during handshake).  In both cases, this is TLS 1.1 (I tried
> 1.0 earlier but didn't notice any difference).
> Unfortunately, I won't have time to investigate more for the time being.

These are very similar ciphersuites and they only differ on the choice of AES 
instead of 3DES. I cannot imagine what this could cause the problem with the
provided information. (was compression used?)

regards,
Nikos



More information about the Gnutls-dev mailing list