confirmation that debian #480041 is a gnutls problem, and steps to reproduce

Nikos Mavrogiannopoulos nmav at
Fri Nov 21 19:54:37 CET 2008

Daniel Kahn Gillmor wrote:
> On Fri 2008-11-21 02:24:02 -0500, Nikos Mavrogiannopoulos wrote:
>> Hello, this does not seem to be a gnutls error. The server merely asks
>> for renegotiation, gnutls-cli ignores it (legal behavior) and server
>> does not like it thus sends a fatal alert.
> Do you think this is exposing a bug in mod_ssl, then?  If it is legal
> behavior to ignore a renegotiation, it seems to me that
> SSLVerifyClient optional should not cause the server to terminate the
> connection if a rehandshake is rejected.  Should we clone this bug, or
> open a new report against apache or openssl?

Could you first send me a capture to be used with wireshark so i can
check precisely what is happening there (gnutls-cli) and rule out any
gnutls issue?


More information about the Gnutls-devel mailing list