TLSv1.2 interop issue (was: Re: gnutls 3.0.9)

Nikos Mavrogiannopoulos nmav at
Thu Jan 5 10:37:10 CET 2012

On Thu, Jan 5, 2012 at 10:29 AM, Florian Weimer <fweimer at> wrote:
> * Nikos Mavrogiannopoulos:
>>> We're seeing interop issues with a TLSv1.2 server which advertises are
>>> fairly restricted list of cipher suites.
>> What do you see?
> Well, the cipher suite thing was a different bug, on the server side,
> not caused by GNUTLS.  Fixing that didn't make a dent in the original
> issue.
> The issue is triggered when I use GNTULS 2.12.14 to connect to an
> OpenJDK 7u2 server which requires client certificates.
> Here's output from "gnutls-cli --debug 255":
> gnutls_sig.c:630 says:
> |    return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); /* too bad we only support SHA1 and SHA256 */

Can you try gnutls 3.0.x? It doesn't have this limitation.

> This is a bit puzzling.  Why does GNUTLS pick RSA-SHA512 if it doesn't
> support the algorithm?

Could you send me the transaction as a tcpdump raw file (to open with
I'll check later whether there can be a fix for 2.12.x.


More information about the Gnutls-help mailing list