[gnutls-help] Unable to connect Windows IIS8, gives -37

Onkurananda Ganguly onkurganguly at gmail.com
Tue Aug 9 12:53:59 CEST 2016


Thanks for the info. I will make the necessary changes and try connecting
again.
If I ignore the re-handshake using gnutls_error_is_fatal() and ignore
non-fatal error. Will I able to connect to the server??

On Tue, Aug 9, 2016 at 3:28 PM, Nikos Mavrogiannopoulos <nmav at gnutls.org>
wrote:

> On Tue, Aug 9, 2016 at 11:17 AM, Michal Suchanek <hramrach at gmail.com>
> wrote:
> >>> Hi Gnutls team,
> >>> Whenever I tried to connect an Windows IIS8 server I am getting below
> >>> error----
> >>> - Key Exchange: RSA
> >>> - Protocol: TLS1.2
> >>> - Certificate Type: X.509
> >>> - Compression: NULL
> >>> - Cipher: AES-128-CBC
> >>> - MAC: SHA256
> >>> Note: SSL paramaters may change as new connections are established to
> the
> >>> server.
> >>> /usr/bin/httpfs2-ssl: main: closing socket.
> >>> /usr/bin/httpfs2-ssl: main: closing SSL socket.
> >>> /usr/bin/httpfs2-ssl: main: initializing SSL socket.
> >>> /usr/bin/httpfs2-ssl: main: read: -37 Rehandshake was requested by the
> >>> peer..
> >>
> >> The server requested a rehandshake but the client (httpfs2-ssl) you
> >> are using didn't handle it. You'd better report it to that tool.
> > what is needed on the clients part to handle the rehandshake?
> > Does GnuTLS not handle rehandshake internally?
>
> No. Rehandshake typically means re-authentication and the application
> must handle this explicitly with gnutls (see [0]). By the time you
> receive such a rehandshake request by the server you can either ignore
> it (which the server may or may not like), or act on it by following
> the instructions on [0]. Servers typically ask for rehandshake when
> the want to connected user to reauthenticate using a client
> certificate or so.
>
> Overall it is best to use gnutls_error_is_fatal() and ignore non-fatal
> errors from gnutls_record_recv() and gnutls_handshake().
>
> regards,
> Nikos
>
> [0]. https://www.gnutls.org/manual/html_node/Re_002dauthentication.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160809/9b6ef559/attachment-0001.html>


More information about the Gnutls-help mailing list