confirmation that debian #480041 is a gnutls problem, and steps to reproduce

Daniel Kahn Gillmor dkg at
Fri Nov 21 17:58:36 CET 2008

On Fri 2008-11-21 02:24:02 -0500, Nikos Mavrogiannopoulos wrote:

> Hello, this does not seem to be a gnutls error. The server merely asks
> for renegotiation, gnutls-cli ignores it (legal behavior) and server
> does not like it thus sends a fatal alert.

Do you think this is exposing a bug in mod_ssl, then?  If it is legal
behavior to ignore a renegotiation, it seems to me that
SSLVerifyClient optional should not cause the server to terminate the
connection if a rehandshake is rejected.  Should we clone this bug, or
open a new report against apache or openssl?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: </pipermail/attachments/20081121/399dcb39/attachment.pgp>

More information about the Gnutls-devel mailing list