Problem with TLS 1.1 client connecting to TLS 1.0 server

Roland Dreier roland at
Thu Aug 27 07:47:34 CEST 2009

 > So it seems that _gnutls_gen_rsa_client_kx() should be using the
 > active version here, but I'm not sure what the correct real fix within
 > the gnutls design is.  Can someone provide guidance on how to fix this?

Never mind ... after reading the TLS spec more closely, I see that the
client is correct in using the highest version it offered in the
premaster secret.  This is a bug (and apparently a common bug -- it
appears in the ietf TLS interoperability draft) in the server, and I
will report it to the server people.

Sorry for the noise.

 - Roland
Roland Dreier  <roland at>  GPG Key: 1024D/E0EEFAC0
Fingerprint:     A89F B5E9 C185 F34D BD50  4009 37E2 25CC E0EE FAC0

 Sending >500KB attachments is forbidden by the Geneva Convention.
        Your country may be at risk if you fail to comply.

More information about the Gnutls-devel mailing list