[gnutls-help] Problem with https://archive.org
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed May 29 23:47:57 CEST 2013
On 05/29/2013 03:13 PM, Nikos Mavrogiannopoulos wrote:
> Interesting. This server negotiates C0.13 (which is
> ECDHE-RSA-AES256-SHA), and selects SSL 3.0. This ciphersuite is only
> defined for TLS 1.0 or later and that's why gnutls rejects it and closes
> the connection.
>
> This was a bug of a particular openssl version on Debian.
>
> If this is a widespread issue we may try to work it around in gnutls and
> allow elliptic curves even in SSL 3.0.
I've just forwarded this exchange to info at archive.org; i'm hoping
someone there can get back to to me about what they're running and
whether it's a vendor issue or a configuration issue.
It looks like their setup also *can't* negotiate TLS 1.0, which seems
pretty broken to me these days.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130529/6fef1863/attachment.sig>
More information about the Gnutls-help
mailing list