On Sun, 12 Oct 2008, Simon Josefsson wrote:

> I was wrong, it doesn't work like that.  GnuTLS doesn't send the
> server_name extension by default, the application needs to call
> gnutls_server_name_set explicitly to enable it.  For gnutls-cli, you can
> use --disable-extensions to avoid sending the server name:
>
> gnutls-cli -p 636 bluepages.ibm.com -d 4711 --priority NORMAL:-VERS-TLS1.1 --disable-extensions

*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.

> To disable both cert_type and server_name use:
>
> gnutls-cli -d 4711 -p 443 yxa.extundo.com --priority NORMAL:-VERS-TLS1.1:-CTYPE-OPENPGP --disable-extensions

works (after substituting bluepages.ibm.com) - which took me a minute to
catch ;)

> Maybe TLS 1.1 isn't the problem, if so this should work:
>
> gnutls-cli -d 4711 -p 443 yxa.extundo.com --priority NORMAL:-CTYPE-OPENPGP --disable-extensions

*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.

> I really hope one of these commands works.  I think it would mean we
> understand the server's bug, and know how to work around it without
> resorting to falling back to SSL 3.0.

So it looks like it is indeed TLS 1.1 that is the problem?

--
Rick Nelson
"This is the element_data structure for elements whose *element_type =
FORM_TYPE_SELECT_ONE, FORM_TYPE_SELECT_MULT. */ /* * nesting deeper
and deeper, harder and harder, go, go, oh, OH, OHHHHH!! * Sorry, got
carried away there. */ struct lo_FormElementOptionData_struct."
                -- Mozilla source code


