[pkg-lynx-maint] Bug#785383: Bug#785383: lynx: Can't connect to (some) https sites

Kurt Roeckx kurt at roeckx.be
Fri May 15 20:14:12 UTC 2015


On Fri, May 15, 2015 at 07:16:37PM +0200, Andreas Metzler wrote:
> On 2015-05-15 Axel Beckert <abe at debian.org> wrote:
> [...]
> > Thanks for that information. So this issue is likely not an issue in
> > Lynx per se. Because the version in Jessie works fine on Jessie as I
> > can confirm. Looks to me as if it's a combination of the version of
> > lynx(-cur) and the GnuTLS library.
> 
> Hello,
> 
> GnuTLS has become more picky when evaluating priority strings and
> lynx is using an incorrect one.

Can you explain a little more what's wrong with the priority
string?  (I have no idea what the current value is.)

So I've been looking at the packets it sends, and it seems that
when using lynx it's not sending a signature algorithm extension
in the ClientHello at all, which for the server means it's the
default and should have used sha1, rsa.

Using gnutls-cli it sends a whole bunch of extensions it doesn't
send with lynx including the signature algorithms.

With lynx it's also sending another cipher list, which doesn't
include any GCM based cipher suite.  It should probably use some
default string instead.

But I don't understand why gnutls would close the connection in
that case and it seems you can get it into an inconsistent state.


Kurt
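
The comparison described in this message (is the signature_algorithms extension present, and is any GCM suite offered) can be run against a captured ClientHello with a small parser. This is an added example, not part of the original message and not lynx or GnuTLS code; the function names and both sample hellos are constructed for illustration, and the input is the handshake message with the 5-byte TLS record header already removed.

```python
import struct

SIGNATURE_ALGORITHMS = 13  # extension type from RFC 5246, section 7.4.1.4.1
# AES-GCM suites from RFC 5288/5289 (a subset, enough for this check)
GCM_SUITES = {0x009C, 0x009D, 0x009E, 0x009F, 0xC02B, 0xC02C, 0xC02F, 0xC030}

def build_client_hello(suites, extensions=()):
    """Build a constructed TLS 1.2 ClientHello handshake message for testing."""
    body = b"\x03\x03" + bytes(32) + b"\x00"          # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                               # one compression method: null
    if extensions:
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    return b"\x01" + len(body).to_bytes(3, "big") + body

def inspect_client_hello(msg):
    """Return offered cipher suites and extension types of a ClientHello."""
    if len(msg) < 4 or msg[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
    pos = 2 + 32                                      # skip client_version and random

    def take(len_bytes):
        """Read one length-prefixed vector at pos and advance past it."""
        nonlocal pos
        start = pos + len_bytes
        end = start + int.from_bytes(body[pos:start], "big")
        if end > len(body):
            raise ValueError("length field overruns the message")
        pos = end
        return body[start:end]

    take(1)                                           # session_id
    raw = take(2)                                     # cipher_suites
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw) - 1, 2)]
    take(1)                                           # compression_methods
    ext_types, block, i = [], (take(2) if pos < len(body) else b""), 0
    while i + 4 <= len(block):                        # extensions are optional
        etype, elen = struct.unpack_from("!HH", block, i)
        ext_types.append(etype)
        i += 4 + elen
    return {"suites": suites, "extensions": ext_types,
            "has_signature_algorithms": SIGNATURE_ALGORITHMS in ext_types,
            "offers_gcm": any(s in GCM_SUITES for s in suites)}

# Constructed samples, not captures: one hello with no extensions and no GCM,
# one with signature_algorithms (sha256/rsa, sha1/rsa) and GCM suites
BARE_HELLO = build_client_hello([0x002F, 0x0035])
FULL_HELLO = build_client_hello([0xC02F, 0x009C, 0x002F],
                                [(SIGNATURE_ALGORITHMS, bytes.fromhex("000404010201"))])
```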


