Bug#466477: bluepages.ibm.com
Richard A Nelson
cowboy at debian.org
Mon Oct 13 22:35:52 UTC 2008
On Sun, 12 Oct 2008, Simon Josefsson wrote:
> I was wrong, it doesn't work like that. GnuTLS doesn't send the
> server_name extension by default, the application needs to call
> gnutls_server_name_set explicitly to enable it. For gnutls-cli, you can
> use --disable-extensions to avoid sending the server name:
>
> gnutls-cli -p 636 bluepages.ibm.com -d 4711 --priority NORMAL:-VERS-TLS1.1 --disable-extensions
d*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
> To disable both cert_type and server_name use:
>
> gnutls-cli -d 4711 -p 443 yxa.extundo.com --priority NORMAL:-VERS-TLS1.1:-CTYPE-OPENPGP --disable-extensions
works (after substituting bluepages.ibm.com) - which took me a minute to
catch ;)
> Maybe TLS 1.1 isn't the problem, if so this should work:
>
> gnutls-cli -d 4711 -p 443 yxa.extundo.com --priority NORMAL:-CTYPE-OPENPGP --disable-extensions
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.
> I really hope one of these commands work. I think it would mean we
> understand the server's bug, and know how to work around it without
> resorting to falling back to SSL 3.0.
So it looks like it is indeed TLS 1.1 that is the problem ?
--
Rick Nelson
"This is the element_data structure for elements whose *element_type =
FORM_TYPE_SELECT_ONE, FORM_TYPE_SELECT_MULT. */ /* * nesting deeper
and deeper, harder and harder, go, go, oh, OH, OHHHHH!! * Sorry, got
carried away there. */ struct lo_FormElementOptionData_struct."
-- Mozilla source code
More information about the Pkg-gnutls-maint
mailing list