gnuTLS 3.0.20 - 'Fatal error: The TLS connection was non-properly terminated' against Cisco load balancers

Scott McGillivray scott.mcgillivray at gmail.com
Mon Jun 18 11:36:08 CEST 2012


On 18 June 2012 10:03, Richard Moore <rich at kde.org> wrote:

> On 18 June 2012 09:50, Scott McGillivray <scott.mcgillivray at gmail.com>
> wrote:
> > I don't know if the problem see in openssl 1.0.1c might be related to the
> > problem I'm seeing in gnutls 3.0.20? I couldn't see a similar option for
> > gnutls-cli to force TLS 1.0 or ignore TLS 1.2 for me to test.
>
> --protocols
>
> Rich.
>


Many thanks, that allowed me to connect.

i think the --protocols option is deprecated, i couldn't find it in in man
pages, but i was able to successfully connect to the site using the below
command which does the same thing.

gnutls-cli --priority
NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0:+VERS-SSL3.0:%COMPAT
accounts.codemasters.com

Info on the command found at
http://www.gnu.org/software/gnutls/manual/gnutls.html#Interoperability

I wonder what has changed in gnutls and openssl in recent versions that
prevents them from gratefully downgrading to a supported TLS version when
connecting to these Cisco CSS units.

Thanks again for your help.

Scott.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20120618/150f178d/attachment.htm>


More information about the Gnutls-help mailing list