[gnutls-help] help needed with: Alert(21)
Michael Wohlwend
micha-1 at fantasymail.de
Fri Sep 30 14:05:04 CEST 2022
Hi,
thanks for the answers...
On Friday, 30 September 2022, 10:32:32 CEST, Daiki Ueno wrote:
> I need a bit more information to answer properly:
> Are both client and server programs using GnuTLS? If yes, could you
> provide the exact package versions, for both client and server?
client and server are both 3.7.1
It also works with the 3.5.8 client from Debian stretch.
If I limit the protocol to TLS 1.2 it also works.
>
> 64 GB is above the limit of AES-GCM being safely used without rekeying.
ah, yes, AES-256-GCM, MAC AEAD is used, so this seems to be the reason.
> If TLS 1.3 is negotiated GnuTLS initiates automatic rekeying, though TLS
> 1.3 is a feature supported by GnuTLS 3.6 or later.
hm, but this rekeying doesn't seem to happen. Otherwise it would work.
Does gnutls_record_recv get the GNUTLS_E_REHANDSHAKE as return value in this
case?
> Perhaps you could try other ciphers that don't have such limitation,
> e.g., CHACHA20-POLY1305?
> Regards,
>
I will try this
Cheers
Michael