[gnutls-help] ocsp stapling
Jeremy Harris
jgh at wizmail.org
Fri Jul 31 01:07:55 CEST 2015
On 30/07/15 14:39, Jeremy Harris wrote:
> On 30/07/15 12:33, Nikos Mavrogiannopoulos wrote:
>> On Sun, Jul 26, 2015 at 11:10 PM, Jeremy Harris <jgh at wizmail.org> wrote:
>>> gnutls 3.3.8
>>
>> The latest version of gnutls on this branch is 3.3.16. Does the issue
>> occur with that version?
>
> I'll see if I can arrange that.
Still occurs with 3.3.16 (as shipped for Debian Stretch).
Test target: Debian Exim4; TLS enabled with server certificate
and OCSP proof.
Test client: "swaks" (an SMTP test utility with TLS capability).
Test output:
(client)
$ swaks -s 192.168.122.61:25 -q HELO -tls
=== Trying 192.168.122.61:25...
=== Connected to 192.168.122.61.
<- 220 jessie.vm.jgh.example.net ESMTP Exim 4.86_RC5 Thu, 30 Jul 2015
23:56:56 +0100
-> EHLO lap.dom.ain
<- 250-jessie.vm.jgh.example.net Hello lap.dom.ain [192.168.122.1]
<- 250-SIZE 52428800
<- 250-8BITMIME
<- 250-PIPELINING
<- 250-STARTTLS
<- 250-PRDR
<- 250 HELP
-> STARTTLS
<- 220 TLS go ahead
*** TLS startup failed (connect(): error:140920E3:SSL
routines:SSL3_GET_SERVER_HELLO:parse tlsext)
*** STARTTLS attempted but failed
[jgh at lap ~]$
(server)
TLS error on connection from (lap.dom.ain) [192.168.122.1]
(gnutls_handshake): A TLS fatal alert has been received.
--
Jeremy
More information about the Gnutls-help
mailing list