[gnutls-help] Problem with https://archive.org
Nikos Mavrogiannopoulos
nmav at gnutls.org
Wed May 29 21:13:00 CEST 2013
On 05/17/2013 11:00 PM, Lluís Batlle i Rossell wrote:
> Hello,
>
> I tried gnutls 3.1 and 3.2.0 on https://archive.org (with wget and gnutls-cli),
> and both give me:
> Connecting to www.archive.org|207.241.224.2|:443... connected.
> GnuTLS: Could not negotiate a supported cipher suite.
> Unable to establish SSL connection.
> Enabling "EXPORT" in --priority (a friend helped me with that), made gnutls
> choose:
> |<3>| HSK[0x7a9ec0]: Selected cipher suite: RSA_AES_128_CBC_SHA1

Interesting. This server negotiates C0.13 (which is
ECDHE-RSA-AES256-SHA), and selects SSL 3.0. This ciphersuite is only
defined for TLS 1.0 or later and that's why gnutls rejects it and closes
the connection.

This was a bug of a particular openssl version on Debian.

If this is a widespread issue we may try to work around it in gnutls and
allow elliptic curves even in SSL 3.0.

regards,
Nikos