[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TLS1.1 handshake problem (demonstrated with gnutls-cli)
|
From: |
Simon Josefsson |
|
Subject: |
Re: TLS1.1 handshake problem (demonstrated with gnutls-cli) |
|
Date: |
Fri, 16 Oct 2009 16:04:58 +0200 |
|
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux) |
Vivek Dasmohapatra <address@hidden> writes:
>>> So, is this a bug in the TLS1.1/TLS1.2 implementation in gnutls, or
>>> is it the server doing something wrong, or both?
>>
>> The symptom indicates a fairly common TLS server problem. To know for
>> sure requires debugging the server side. But if you cannot get it to
>> work with any other TLS client (that supports TLS > 1.0) I would suspect
>> a server bug rather than a GnuTLS bug.
>
> Ok, thanks. I doubt we can get any debugging done on the server itself,
> ssltap indicates it gets a { 3, 2 } handshake and immedately returns
> an alert saying "unexpected message", so it does look like a server bug.
Yes, that is a typical symptom.
> Not sure if anything else implements 1.x yet, openssl doesn't and libnss3
> doesn't seem to either.
I suspect there will be interop problems in this area, but the pain paid
by us using new software will help to phase out older software on the
net.. just make sure users can disable TLS > 1.0 in your app and you
should be fine.
> Thanks for the quick response.
/Simon