TLS1.1 handshake problem (demonstrated with gnutls-cli)

Simon Josefsson simon at josefsson.org
Fri Oct 16 16:04:58 CEST 2009


Vivek Dasmohapatra <vivek at collabora.co.uk> writes:

>>> So, is this a bug in the TLS1.1/TLS1.2 implementation in gnutls, or
>>> is it the server doing something wrong, or both?
>>
>> The symptom indicates a fairly common TLS server problem.  To know for
>> sure requires debugging the server side.  But if you cannot get it to
>> work with any other TLS client (that supports TLS > 1.0) I would suspect
>> a server bug rather than a GnuTLS bug.
>
> Ok, thanks. I doubt we can get any debugging done on the server itself,
> ssltap indicates it gets a { 3, 2 } handshake and immediately returns
> an alert saying "unexpected message", so it does look like a server bug.

Yes, that is a typical symptom.

> Not sure if anything else implements 1.x yet, openssl doesn't and libnss3
> doesn't seem to either.

I suspect there will be interop problems in this area, but the pain paid
by us using new software will help to phase out older software on the
net..  just make sure users can disable TLS > 1.0 in your app and you
should be fine.

> Thanks for the quick response.

/Simon
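
An added example, not part of the original message or of GnuTLS: a small decoder that checks a captured exchange for the symptom discussed in this thread, a ClientHello offering a version above TLS 1.0 answered by a fatal alert. The helper names and the sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
ALERTS = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
          70: "protocol_version"}

def records(data):
    """Yield (content_type, payload) for each TLS record in a byte stream."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", data, pos)
        payload = data[pos + 5:pos + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record body")
        yield ctype, payload
        pos += 5 + length

def offered_version(client_bytes):
    """Return the client_version from the first ClientHello, or None."""
    for ctype, payload in records(client_bytes):
        # Handshake record (22), message type ClientHello (1); the version
        # follows the 4-byte handshake header.
        if ctype == 22 and len(payload) >= 6 and payload[0] == 1:
            return (payload[4], payload[5])
    return None

def first_alert(server_bytes):
    """Return (level, description) of the first plaintext alert, or None."""
    for ctype, payload in records(server_bytes):
        if ctype == 21 and len(payload) == 2:
            return ("fatal" if payload[0] == 2 else "warning",
                    ALERTS.get(payload[1], "alert_%d" % payload[1]))
    return None

def diagnose(client_bytes, server_bytes):
    """Flag a hello above TLS 1.0 that the server answers with a fatal alert."""
    version, alert = offered_version(client_bytes), first_alert(server_bytes)
    if version and version > (3, 1) and alert and alert[0] == "fatal":
        return "%s ClientHello rejected with %s" % (VERSIONS.get(version, version), alert[1])
    return None

def build_client_hello(version):
    """Constructed minimal ClientHello (zero random, one cipher suite) for the demo."""
    body = bytes(version) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + len(handshake).to_bytes(2, "big") + handshake

CONSTRUCTED_ALERT = bytes.fromhex("1503010002020a")  # fatal, unexpected_message
```

Running `diagnose` on the same server bytes with a `{ 3, 1 }` hello returns `None`, which is the comparison that points at version intolerance on the server rather than a client fault.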





More information about the Gnutls-devel mailing list