[gnutls-help] Unable to connect Windows IIS8, gives -37

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Aug 9 11:58:27 CEST 2016

On Tue, Aug 9, 2016 at 11:17 AM, Michal Suchanek <hramrach at gmail.com> wrote:
>>> Hi Gnutls team,
>>> Whenever I tried to connect an Windows IIS8 server I am getting below
>>> error----
>>> - Key Exchange: RSA
>>> - Protocol: TLS1.2
>>> - Certificate Type: X.509
>>> - Compression: NULL
>>> - Cipher: AES-128-CBC
>>> - MAC: SHA256
>>> Note: SSL paramaters may change as new connections are established to the
>>> server.
>>> /usr/bin/httpfs2-ssl: main: closing socket.
>>> /usr/bin/httpfs2-ssl: main: closing SSL socket.
>>> /usr/bin/httpfs2-ssl: main: initializing SSL socket.
>>> /usr/bin/httpfs2-ssl: main: read: -37 Rehandshake was requested by the
>>> peer..
>> The server requested a rehandshake but the client (httpfs2-ssl) you
>> are using didn't handle it. You'd better report it to that tool.
> what is needed on the clients part to handle the rehandshake?
> Does GnuTLS not handle rehandshake internally?

No. Rehandshake typically means re-authentication and the application
must handle this explicitly with gnutls (see [0]). By the time you
receive such a rehandshake request by the server you can either ignore
it (which the server may or may not like), or act on it by following
the instructions on [0]. Servers typically ask for rehandshake when
the want to connected user to reauthenticate using a client
certificate or so.

Overall it is best to use gnutls_error_is_fatal() and ignore non-fatal
errors from gnutls_record_recv() and gnutls_handshake().


[0]. https://www.gnutls.org/manual/html_node/Re_002dauthentication.html

More information about the Gnutls-help mailing list