On 05/29/2013 03:13 PM, Nikos Mavrogiannopoulos wrote: > Interesting. This server negotiates C0.13 (which is > ECDHE-RSA-AES256-SHA), and selects SSL 3.0. This ciphersuite is only > defined for TLS 1.0 or later and that's why gnutls rejects it and closes > the connection. > > This was a bug of a particular openssl version on Debian. > > If this is a widespread issue we may try to work it around in gnutls and > allow elliptic curves even in SSL 3.0.
I've just forwarded this exchange to [email protected]; i'm hoping someone there can get back to to me about what they're running and whether it's a vendor issue or a configuration issue. It looks like their setup also *can't* negotiate TLS 1.0, which seems pretty broken to me these days. --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
