Bug#638595: WWWOFFLE HTTPS now unusable
Andreas Metzler
ametzler at downhill.at.eu.org
Mon Aug 22 18:11:21 UTC 2011
On 2011-08-20 "Andrew M. Bishop" <amb at gedanken.demon.co.uk> wrote:
[...]
> There seems to be a bug with gnutls on the latest Debian (version
> 2.12.7-6 for me). Taking the example code from the gnutls
> documentation and compiling it gives me an SSL server that will not
> accept connections from Iceweasel, wget or the example client from the
> same gnutls documentation.
> http://www.gnu.org/software/gnutls/manual/html_node/Echo-Server-with-X_002e509-authentication.html
> http://www.gnu.org/software/gnutls/manual/html_node/Simple-client-example-with-X_002e509-certificate-support.html
[...]
> When run the server says:
> | Server ready. Listening to port '5556'.
> |
> | - connection from 127.0.0.1, port 34901
> | *** Handshake has failed (Could not negotiate a supported cipher suite.)
> and the client says:
> | *** Handshake failed
> | GnuTLS error: A TLS packet with unexpected length was received.
[...]
I have not wwoffle or its certificates installed, but the example code
does work with 2.12.7-6. I have just ran it unmodified using an example
certificate. - example-clientm gnutls-cli(-debug) and openssl s_client
all managed to connect.
I get the "Could not negotiate a supported cipher suite." if the
example server cannot read/find/access the neccessary cert bit (ca,
key and cert.)
cu andreas
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Pkg-gnutls-maint
mailing list