gnuTLS 3.0.20 - 'Fatal error: The TLS connection was non-properly terminated' against Cisco load balancers

Scott McGillivray scott.mcgillivray at
Mon Jun 18 10:50:27 CEST 2012

I've tried with OpenSSL 0.9.8k and OpenSSL 1.0.1 which both work ok with no
special options. The Cisco CSS is quite an old load balancer and doesn't
support TLS 1.1 let alone TLS 1.2 so I'm not sure why openssl 1.0.1c would
fail until you specifically told it to ignore TLS 1.2. I thought as part of
the negotiation, openssl would have detected that TLS 1.0 was only

I had a quick look through the openssl changelog ( to see if there was any obvious
changes between 1.0.1 and 1.0.1c that might cause the problem but nothing
jumped out to me.

I don't know if the problem see in openssl 1.0.1c might be related to the
problem I'm seeing in gnutls 3.0.20? I couldn't see a similar option for
gnutls-cli to force TLS 1.0 or ignore TLS 1.2 for me to test.

Thanks for the help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120618/7e764986/attachment.htm>

More information about the Gnutls-help mailing list