[gnutls-devel] GnuTLS | gnutls_cli_debug / test_ssl3 don't detect some old SSLv3 servers (#958)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Mon Mar 23 03:55:17 CET 2020

Daniel Lenski commented:

This particular server will actually kinda-sorta work with TLS 1.0 as well, but only with SSL

SSL 3.0 with only SSL 3.0 cipher suites, works:

$ src/gnutls-cli --insecure --priority "NORMAL:-VERS-ALL:+VERS-SSL3.0:%NO_EXTENSIONS:%SSL3_RECORD_VERSION"

TLS 1.0 with **SSL 3.0** cipher suites, both record versions work:

$ src/gnutls-cli --insecure --priority "NORMAL:-VERS-ALL:+VERS-TLS1.0:+3DES-CBC:%NO_EXTENSIONS:%SSL3_RECORD_VERSION"
$ src/gnutls-cli --insecure --priority "NORMAL:-VERS-ALL:+VERS-TLS1.0:+3DES-CBC:%NO_EXTENSIONS:%LATEST_RECORD_VERSION"

TLS 1.1 or newer enabled? Hangs up immediately.

As far as I can tell, GNUTLS_RSA_3DES_EDE_CBC_SHA1 and GNUTLS_RSA_ARCFOUR_128_MD5 are the only cipher suites it supports (not even GNUTLS_RSA_ARCFOUR_128_SHA1 is accepted).

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/958#note_309267384
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200323/d1f662ed/attachment-0001.html>

More information about the Gnutls-devel mailing list