[gnutls-help] SSL Hanshake error
Nikos Mavrogiannopoulos
nmav at gnutls.org
Thu Nov 13 09:08:53 CET 2014
On Thu, Nov 13, 2014 at 3:27 AM, Niranjan Rao <nhrdls at gmail.com> wrote:
> Greetings,
> I am getting ssl handshake error while visiting site
> https://www.pge.com/eum/login and some other sites using Webkit GTK 2.2.6 on
> Ubuntu 12.04. I am really not certain which version of TLS library is
> getting used, but it appears that glib-networking version is 2.36.1.
> I raised the question on webkit gtk list and nice person
> mcatanzaro at igalia.com did some initial steps for debugging the issue and
> directed me to this mailing list for support. Following mail contains his
> analysis.
Hi,
It seems that following poodle many sites incorrectly banned SSL 3.0
record packet versions. Since gnutls uses an SSL 3.0 record to
advertise TLS 1.2, they are effectively banning it even if it doesn't
advertise SSL 3.0. That is a server issue, but it can be worked around
by using the modifier %LATEST_RECORD_VERSION, e.g.,
gnutls-cli www.pge.com --priority "NORMAL:%LATEST_RECORD_VERSION"
should work.
That seems like a good opportunity to make that the default.
regards,
Nikos
More information about the Gnutls-help
mailing list