Bug#528661: elinks eternally stuck in SSL negotiation phase
Kalle Olavi Niemitalo
kon at iki.fi
Sat May 30 07:11:07 UTC 2009
Simon Josefsson <simon at josefsson.org> writes:
> Firefox may have some logic to re-try the connection using a lower TLS
> version when a higher TLS version did not work out well -- that logic
> would be useful to duplicate in elinks too.
ELinks already has logic to switch to SSLv3 only.
See ssl_set_no_tls in elinks/src/network/ssl/socket.c:
http://repo.or.cz/w/elinks.git?a=blob;f=src/network/ssl/socket.c;h=45b4b4a8887d2b54c12321a107c1b5a5d7382e85;hb=3801698ff1ddfa2aa94466e90851e496d95156c0
If the SSLv3 connection then succeeds, ELinks uses SSLv3 for
later connections to the same server too. This corresponds to
Pasky's report that only the first connection was slow. ELinks
doesn't save this blacklist to a file though, so it is lost when
ELinks is restarted.
Can you do something in GNUTLS to make the TLSv1.1 connection
fail sooner?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20090530/1a34cea7/attachment.pgp>
More information about the Pkg-gnutls-maint
mailing list