[gnutls-devel] GnuTLS | Cannot connect to github.com, download.mono-project.com (#990)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Sat May 23 15:28:30 CEST 2020




Maarten Boekhold commented:


I just discovered the `gnutls-cli-debug` program, posting the output below in case it can be of any help:

```
$ gnutls-cli-debug github.com
GnuTLS debug client 3.6.13
Checking github.com:443
whether the server accepts default record size (512 bytes)... yes
                  whether %ALLOW_SMALL_RECORDS is required... no
                        whether we need to disable TLS 1.2... no
                        whether we need to disable TLS 1.1... no
                        whether we need to disable TLS 1.0... no
                        whether %NO_EXTENSIONS is required... no
                               whether %COMPAT is required... no
                             for TLS 1.0 (RFC2246) support... no
                             for TLS 1.1 (RFC4346) support... no
                                  fallback from TLS 1.1 to... failed
                             for TLS 1.2 (RFC5246) support... yes
                             for TLS 1.3 (RFC8446) support... yes
                    for known TLS or SSL protocols support... yes
                       TLS1.2 neg fallback from TLS 1.6 to... TLS1.2
                                     for HTTPS server name... unknown
                               for certificate chain order... sorted
                  for safe renegotiation (RFC5746) support... yes
                    for encrypt-then-MAC (RFC7366) support... yes
                   for ext master secret (RFC7627) support... yes
                           for heartbeat (RFC6520) support... no
                       for version rollback bug in RSA PMS... dunno
                  for version rollback bug in Client Hello... no
            whether the server ignores the RSA PMS version... yes
whether small records (512 bytes) are tolerated on handshake... yes
    whether cipher suites not in SSL 3.0 spec are accepted... yes
whether a bogus TLS record version in the client hello is accepted... yes
         whether the server understands TLS closure alerts... yes
            whether the server supports session resumption... no
                      for anonymous authentication support... no
                              for RSA key exchange support... yes
                      for ephemeral Diffie-Hellman support... no
                        for RFC7919 Diffie-Hellman support... no
                   for ephemeral EC Diffie-Hellman support... yes
for VKO GOST-2012 (draft-smyshlyaev-tls12-gost-suites) support... no
                             for curve SECP256r1 (RFC4492)... no
                             for curve SECP384r1 (RFC4492)... no
                             for curve SECP521r1 (RFC4492)... no
                                for curve X25519 (RFC8422)... yes
                      for AES-GCM cipher (RFC5288) support... yes
                      for AES-CCM cipher (RFC6655) support... no
                    for AES-CCM-8 cipher (RFC6655) support... no
                      for AES-CBC cipher (RFC3268) support... yes
                 for CAMELLIA-GCM cipher (RFC6367) support... no
                 for CAMELLIA-CBC cipher (RFC5932) support... no
                     for 3DES-CBC cipher (RFC2246) support... no
                  for ARCFOUR 128 cipher (RFC2246) support... no
            for CHACHA20-POLY1305 cipher (RFC7905) support... yes
for GOST28147-CNT cipher (draft-smyshlyaev-tls12-gost-suites) support... no
                                       for MD5 MAC support... no
                                      for SHA1 MAC support... yes
                                    for SHA256 MAC support... yes
for GOST28147-IMIT MAC (draft-smyshlyaev-tls12-gost-suites) support... no
                     for max record size (RFC6066) support... yes
                for OCSP status response (RFC6066) support... no
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/990#note_347776171