Bug#528661: elinks eternally stuck in SSL negotiation phase
Simon Josefsson
simon at josefsson.org
Thu May 28 21:38:27 UTC 2009
The problem is a buggy server, see the upstream bug about this [1], so I
don't see anything that can/should be changed in GnuTLS.
Rather than closing this bug, we could re-assign the problem back to
elinks as a wishlist bug to provide better error handling in this
situation.
A naive solution would be to disable TLS1.1 in elinks. Here is a patch
against elinks to accomplish that.
diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c
index 7ae3a04..81db379 100644
--- a/src/network/ssl/ssl.c
+++ b/src/network/ssl/ssl.c
@@ -278,7 +278,7 @@ init_ssl_connection(struct socket *socket)
return S_SSL_ERROR;
}
- gnutls_set_default_priority(*state);
+ gnutls_priority_set_direct (*state, "NORMAL:-VERS-TLS1.1", NULL);
gnutls_handshake_set_private_extensions(*state, 1);
gnutls_cipher_set_priority(*state, cipher_priority);
gnutls_kx_set_priority(*state, kx_priority);
/Simon
[1] http://savannah.gnu.org/support/?106776
More information about the Pkg-gnutls-maint
mailing list