On Tue, Aug 9, 2016 at 11:17 AM, Michal Suchanek <[email protected]> wrote: >>> Hi Gnutls team, >>> Whenever I tried to connect an Windows IIS8 server I am getting below >>> error---- >>> - Key Exchange: RSA >>> - Protocol: TLS1.2 >>> - Certificate Type: X.509 >>> - Compression: NULL >>> - Cipher: AES-128-CBC >>> - MAC: SHA256 >>> Note: SSL paramaters may change as new connections are established to the >>> server. >>> /usr/bin/httpfs2-ssl: main: closing socket. >>> /usr/bin/httpfs2-ssl: main: closing SSL socket. >>> /usr/bin/httpfs2-ssl: main: initializing SSL socket. >>> /usr/bin/httpfs2-ssl: main: read: -37 Rehandshake was requested by the >>> peer.. >> >> The server requested a rehandshake but the client (httpfs2-ssl) you >> are using didn't handle it. You'd better report it to that tool. > what is needed on the clients part to handle the rehandshake? > Does GnuTLS not handle rehandshake internally?
No. Rehandshake typically means re-authentication and the application must handle this explicitly with gnutls (see [0]). By the time you receive such a rehandshake request by the server you can either ignore it (which the server may or may not like), or act on it by following the instructions on [0]. Servers typically ask for rehandshake when the want to connected user to reauthenticate using a client certificate or so. Overall it is best to use gnutls_error_is_fatal() and ignore non-fatal errors from gnutls_record_recv() and gnutls_handshake(). regards, Nikos [0]. https://www.gnutls.org/manual/html_node/Re_002dauthentication.html _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
