Bug#466477: bluepages.ibm.com

Simon Josefsson simon at josefsson.org
Sat Oct 11 19:36:01 UTC 2008


I believe we may be close to understanding this entire bug report now.
For context, please review:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466477

My conclusion is that there are three different problems discussed:

The mail3.mclemente.net problem has been fixed in v2.4.0.  It was a
combination of a gnutls-cli bug and an intentional DoS limit in
libgnutls that has been increased now.

www.lbbw.de is likely buggy, it doesn't handle record padding.

www99.americanexpress.com is also likely buggy, it fails to talk with
clients that advertise TLS 1.1.

The remaining step is to check whether bluepages.ibm.com exhibits either
one of the two last problems.  However, the server isn't accessible on
the Internet.  Richard, can you test these two commands?

gnutls-cli -p 636 bluepages.ibm.com -d 4711 --priority NORMAL:-VERS-TLS1.1

gnutls-cli -p 636 bluepages.ibm.com -d 4711 --priority NORMAL:%COMPAT

You'll need a modern gnutls package, please let us know which package
version you use.

If either of these commands succeeds, let us know which.  If so, I
believe that shows the server to be buggy, and that you now know of a
workaround.  Then we can close the bug.

If neither of them succeeds, please post the output from both commands.
Then we'll have to continue debug the problem...

I really hope we can close this report.

/Simon





More information about the Pkg-gnutls-maint mailing list