confirmation that debian #480041 is a gnutls problem, and steps to reproduce

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Nov 21 17:54:00 CET 2008


On Fri 2008-11-21 02:24:02 -0500, Nikos Mavrogiannopoulos wrote:

> Hello, this does not seem to be a gnutls error. The server merely asks
> for renegotiation, gnutls-cli ignores it (legal behavior) and server
> does not like it thus sends a fatal alert. However which version of
> gnutls-cli is that? Can you try with the latest?

That was originally tested against debian's 2.4.2-3.  With 2.6.2-1
(from debian experimental), i get the same output:

 ...
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS1.0
- Key Exchange: DHE-RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed

- Simple Client Mode:

*** Non fatal error: Rehandshake was requested by the peer.
*** Fatal error: A TLS fatal alert has been received.
*** Received alert [10]: Unexpected message
*** Server has terminated the connection abnormally.

    --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: </pipermail/attachments/20081121/c471b888/attachment.pgp>


More information about the Gnutls-devel mailing list