gnutls-cli-debug results interpretation

Nikos Mavrogiannopoulos nmav at
Sat Jul 14 09:09:08 CEST 2012

On 07/10/2012 04:39 PM, Bruno Vernay wrote:

> Hello,
> I have a hard time to understand the gnutls-cli-debug results.
> Simply from "Checking for version rollback bug in RSA PMS... no".
> Does it mean: No, the bug is not present

That one.

> Then, what exactly is the "version rollback bug in RSA PMS" ?

gnutls-cli-debug is a tool I used to debug servers while developing
gnutls and some messages may have been only apparent to me. The comment
in the test mentions: "here we enable both SSL 3.0 and TLS 1.0 and try
to connect and use rsa authentication. If the server is old, buggy and
only supports SSL 3.0 then the handshake will fail."

> A link to some reference information would be nice. I guess it is some
> kind of downgrade re-negotiation, but without further information, I
> cannot conclude anything.

There is no comprehensive list of TLS and SSL bugs that are I'm aware
of. Documenting all of them is substantial work and it is not in my
immediate plans.


More information about the Gnutls-help mailing list