gnutls & TLS1.1
simon at josefsson.org
Thu Jan 31 22:29:42 CET 2008
On 31 jan 2008, at 22.16, Matt Smith wrote:
> Hello Mr. Josefsson,
> I was wondering if you could assist me.
> I am looking for a packet capture of a TLS1.1 session being
> I attempted to use tcpdump on my local system while connecting with
> your test server here:
> As the test page states, this connection was made using TLS1.0, so
> that's not exactly what I need.
You must use a client that supports TLS 1.1. The test server will
negotiate TLS 1.1 if your client supports it. If you used a browser
to access that page, chances are that your browser doesn't implement
TLS 1.1. Try gnutls-cli from GnuTLS itself.
> I also attempted to download and install gnutls-2.3.0.tar.bz2 ,
> however, the README for that file says that it only supports SSLv3
> and TLSv1.0 (although I suppose that the README has not yet been
> updated if this is the newest version of mod_gnutls).
Oops! I'll fix the README tomorrow, it is probably better if it
doesn't say anything about version numbers at all.
> You wouldn't happen to have a pcap of a TLSv1.1 session being
> established, would you?
> or, Am I correct in thinking that gnutls2.3.0 should indeed support
> or, would it be possible to reconfigure the test server to only
> accept TLS1.1 (drastic, and the least desirable option).
The test server and gnutls2.3.0 supports TLSv1.1, so I don't think
getting a pcap will be difficult for you. But if you can't get it to
work, I'll see if I can produce a pcap file for you.
More information about the Gnutls-devel