[Help-gnutls] Re: client hello refused

kyle cronan kyle at pbx.org
Thu Feb 22 08:23:20 CET 2007


It works with --comp NULL.  I hadn't tried that one by itself, since I
didn't think the server would punish me just for offering.  Hopefully
someone will find this helpful some day!

Kyle

On 2/21/07, kyle cronan <kyle at pbx.org> wrote:
> Hello,
>
> My question is about how to debug the situation where the TLS server
> closes the connection right after the client hello message is sent
> (gnutls 1.4.5).  I didn't have much luck searching the list archives
> for hello!
>
> Looking at what's in an SSL/TLS hello, perhaps cipher_suites,
> compression_methods and client_version are candidates for causing
> trouble?  I believe I tried all the different client versions using
> --protocols, and I see from gnutls_handshake.c that the extensions are
> only sent if we're using a TLS version, not SSL3.  So it shouldn't be
> a protocol extension that's causing the problem either.  That just
> leaves ciphers and compression methods.  But wouldn't I get an error
> like "could not negotiate a supported cipher suite"?  Have servers
> been known to just close the connection without giving a handshake
> failure?
>
> Unfortunately the server software is some unknown black box type
> stuff.  It does work with openssl s_client though (0.9.7a), even when
> I select various single ciphers with the -cipher option.
>
> Thanks,
> Kyle Cronan
> <kyle at pbx.org>
>





More information about the Gnutls-help mailing list