Bug#528661: elinks eternally stuck in SSL negotiation phase

Simon Josefsson simon at josefsson.org
Thu May 28 21:38:27 UTC 2009


The problem is a buggy server, see the upstream bug about this [1], so I
don't see anything that can/should be changed in GnuTLS.

Rather than closing this bug, we could re-assign the problem back to
elinks as a wishlist bug to provide better error handling in this
situation.

A naive solution would be to disable TLS1.1 in elinks.  Here is a patch
against elinks to accomplish that.

diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c
index 7ae3a04..81db379 100644
--- a/src/network/ssl/ssl.c
+++ b/src/network/ssl/ssl.c
@@ -278,7 +278,7 @@ init_ssl_connection(struct socket *socket)
 		return S_SSL_ERROR;
 	}
 
-	gnutls_set_default_priority(*state);
+	gnutls_priority_set_direct (*state, "NORMAL:-VERS-TLS1.1", NULL);
 	gnutls_handshake_set_private_extensions(*state, 1);
 	gnutls_cipher_set_priority(*state, cipher_priority);
 	gnutls_kx_set_priority(*state, kx_priority);
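
Review bot: the return value of gnutls_priority_set_direct() on the added line is discarded, so a priority string the library rejects would go unnoticed. Check the result and fail the same way the preceding error path does (return S_SSL_ERROR). The string "NORMAL:-VERS-TLS1.1" also switches TLS 1.1 off for every connection, not only for servers that fail the handshake. A configuration option, or a retry without TLS 1.1 after a failed handshake, would keep the newer protocol version for servers that handle it. The gnutls_cipher_set_priority() and gnutls_kx_set_priority() calls that follow still adjust the cipher and key-exchange lists after the priority string has been applied, so a short comment stating which setting is meant to win would help. Style: the neighbouring calls have no space before the opening parenthesis.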

/Simon

[1] http://savannah.gnu.org/support/?106776




