[gnutls-devel] Unable to connect to https server using wget/curl with gnutls (or openssl)

[Nikos Mavrogiannopoulos]

On Wed, Dec 19, 2012 at 11:05 PM, Burton Samograd <burton at samograd.ca> wrote:
> Hello,
>
> I am having problems connecting to an HTTPS server using gnutls through
> wget, curl and emacs.  I have contacted the company and they claim that
> it must be a problem with my SSL implementation, so I am looking into
> it.  I would like to not that this problem is not specific to gnutls; I
> have built a version of curl that uses only libssl (openssl) and I still
> have problems connecting to their server.
>
> Starting from the beginning, when I try to connect to their server using
> wget I get a 'Unable to establish SSL connection'::
> ===================================================================================
>
> Looking further I used gnutls-cli:
> ===================================================================================
> ~ $ gnutls-cli -d 4 demoweb.efxnow.com
> I found that "A TLS packet with unexpected length was recieved." could
> also mean that the other side forcibly closed the connection.

It most probably mean that their implementation doesn't understand
extensions or so.

> Finally with gnutls-cli-debug:
>
> ===================================================================================
> ~ $ gnutls-cli-debug -d 4 demoweb.efxnow.com

This should have been less verbose.
> Checking whether %COMPAT is required... yes

It means that you should use gnutls-cli --priority NORMAL:%COMPAT in
order to connect to this server. This server probably cannot parse
random padding or so. This is common in custom new implementations.

regards,
Nikos