On Thu, Jan 5, 2012 at 10:29 AM, Florian Weimer <[email protected]> wrote:
> * Nikos Mavrogiannopoulos:
>>> We're seeing interop issues with a TLSv1.2 server which advertises a
>>> fairly restricted list of cipher suites.
>> What do you see?
> Well, the cipher suite thing was a different bug, on the server side,
> not caused by GNUTLS. Fixing that didn't make a dent in the original
> issue.
> The issue is triggered when I use GNUTLS 2.12.14 to connect to an
> OpenJDK 7u2 server which requires client certificates.
> Here's output from "gnutls-cli --debug 255": [...]
> gnutls_sig.c:630 says:
> | return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR); /* too bad we only support SHA1 and SHA256 */

Can you try gnutls 3.0.x? It doesn't have this limitation.

> This is a bit puzzling. Why does GNUTLS pick RSA-SHA512 if it doesn't
> support the algorithm?

Could you send me the transaction as a tcpdump raw file (to open with wireshark). I'll check later whether there can be a fix for 2.12.x.

regards,
Nikos
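
Added illustration, not part of the original messages and not GnuTLS code: in TLS 1.2 the server's CertificateRequest lists the hash/signature pairs it can verify (RFC 5246, section 7.4.4), and the client has to sign CertificateVerify with a pair from that list that it can also produce. The C example below parses a constructed CertificateRequest body and picks the first RSA pair the client supports; the function names, the sample bytes and the SHA-1/SHA-256-only client are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TLS 1.2 code points from RFC 5246, section 7.4.1.4.1. */
enum { HASH_SHA1 = 2, HASH_SHA256 = 4, HASH_SHA384 = 5, HASH_SHA512 = 6 };
enum { SIG_RSA = 1 };

/* Assumption: the client can sign only with SHA-1 and SHA-256. */
static int local_can_sign(uint8_t hash)
{
    return hash == HASH_SHA1 || hash == HASH_SHA256;
}

/* Constructed CertificateRequest bodies (not captured traffic), laid out as
 * certificate_types, supported_signature_algorithms, certificate_authorities. */
static const uint8_t req_mixed[] = {
    0x01, 0x01,                                      /* one type: rsa_sign */
    0x00, 0x06, 0x06, 0x01, 0x04, 0x01, 0x02, 0x01,  /* SHA512, SHA256, SHA1 with RSA */
    0x00, 0x00 };                                    /* no CA names */
static const uint8_t req_strong_only[] = {
    0x01, 0x01, 0x00, 0x04, 0x06, 0x01, 0x05, 0x01, 0x00, 0x00 };

/* Returns the hash code point to use for an RSA CertificateVerify,
 * 0 if the two sides have no pair in common, -1 if the body is malformed. */
int pick_rsa_sig_hash(const uint8_t *body, size_t len)
{
    size_t pos, n, end;

    if (len < 1 || body[0] == 0 || len - 1 < body[0])
        return -1;
    pos = 1 + (size_t)body[0];              /* skip certificate_types */
    if (len - pos < 2)
        return -1;
    n = ((size_t)body[pos] << 8) | body[pos + 1];
    pos += 2;
    if (n < 2 || (n & 1) || len - pos < n)
        return -1;
    end = pos + n;
    /* Walk the server's list in its preference order and skip every
     * pair the client cannot produce. */
    for (; pos < end; pos += 2)
        if (body[pos + 1] == SIG_RSA && local_can_sign(body[pos]))
            return body[pos];
    return 0;
}

int main(void)
{
    printf("mixed list: %d\n", pick_rsa_sig_hash(req_mixed, sizeof req_mixed));
    printf("strong only: %d\n", pick_rsa_sig_hash(req_strong_only, sizeof req_strong_only));
    return 0;
}
```

A return value of 0 is the case where the client cannot produce any offered pair and should fail with a clear error instead of starting a signature it cannot complete.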
